HackWatch
High risk | Breach

Senior ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty to Wire Fraud and Identity Theft

Breach coverage centered on exposed data, scope clarification and immediate containment priorities.

Potential exposure event. Confirm scope, identify affected accounts or records and move quickly on resets, notifications and monitoring.
Marcin Pocztowski

Infrastructure Security Editor

Infrastructure and Vulnerability Response

By: Artur Ślesik

Published: Apr 21, 2026

Updated: May 01, 2026

Incident status: Active threat

Corroborating sources: 2

Technical review credentials: Security+ evidence | RHCSA evidence | JNCIS-SEC evidence

Trust note: This alert is maintained under HackWatch's editorial policy, with visible source records, a named responsible editor and a correction channel for disputed facts.

The published article is checked against public sources before publication, and material corrections are reflected in the article update date.

Technical reviewer note: Marcin Pocztowski reviewed this alert on May 01, 2026 for infrastructure relevance, source consistency and whether the remediation advice would make sense to an administrator responsible for live routers and servers. His note keeps the action list grounded: validate scope, reduce exposed management paths, keep evidence intact and avoid claims that go beyond the 2 corroborating sources.

Review our editorial policy or send corrections to [email protected].

Active threat. The incident should still be treated as active until confirmed mitigation or patch adoption is verified.

Tyler Robert Buchanan, a senior member of the notorious cybercrime group Scattered Spider, has pleaded guilty to wire fraud conspiracy and aggravated identity theft. His involvement in a 2022 text-message phishing campaign compromised over a dozen major tech companies, resulting in the theft of tens of millions in cryptocurrency.

What happened

In April 2026, Tyler Robert Buchanan, a 24-year-old British national and senior member of the cybercrime syndicate known as "Scattered Spider," pleaded guilty to charges of wire fraud conspiracy and aggravated identity theft. Buchanan, known by the alias "Tylerb," was a key player in a sophisticated text-message phishing campaign executed during the summer of 2022. This campaign targeted employees at more than a dozen major technology companies, ultimately enabling the group to infiltrate corporate networks and steal tens of millions of dollars in cryptocurrency from investors.

The phishing attacks leveraged social engineering tactics via SMS messages, tricking victims into divulging credentials or installing malware that facilitated unauthorized access. Scattered Spider's operations demonstrated a high degree of coordination and technical skill, highlighting the evolving threat landscape surrounding cryptocurrency and tech sectors.

Confirmed facts

  • Tyler Robert Buchanan admitted guilt to wire fraud conspiracy and aggravated identity theft.
  • The attacks occurred primarily in summer 2022.
  • At least a dozen major technology companies were compromised through text-message phishing.
  • Tens of millions of dollars worth of cryptocurrency were stolen from investors.
  • The phishing scheme involved targeted SMS messages designed to harvest credentials or deploy malware.
  • Buchanan was a senior member of Scattered Spider, a cybercrime group specializing in phishing and cryptocurrency theft.

Who is affected

  • Employees of the targeted technology companies who received phishing messages and had their credentials compromised.
  • Investors and cryptocurrency holders whose digital assets were stolen as a result of the breaches.
  • The affected companies themselves, facing operational disruptions, reputational damage, and financial losses.
  • Broader technology and cryptocurrency communities, as the attack underscores vulnerabilities in corporate security and investor protections.

What to do now

  • Check for phishing attempts: Review any SMS or email messages for suspicious links or requests for credentials, especially if received unexpectedly.
  • Change passwords immediately: If you work at a tech company or handle cryptocurrency investments, update your passwords using strong, unique combinations.
  • Enable multi-factor authentication (MFA): MFA adds an extra layer of security beyond passwords and can prevent unauthorized access even if credentials are compromised.
  • Monitor cryptocurrency accounts: Regularly check wallets and exchange accounts for unauthorized transactions.
  • Report suspicious activity: Notify your IT or security team if you suspect you have been targeted by phishing or noticed unusual account behavior.

How to secure yourself

  • Be vigilant about SMS and email communications: Phishing via text messages (smishing) is increasingly common; never click on links or download attachments from unknown or unexpected sources.
  • Use hardware security keys: For high-value accounts, hardware-based authentication devices provide stronger protection than software MFA.
  • Keep software up to date: Regularly update operating systems, browsers, and security software to patch vulnerabilities.
  • Educate employees and peers: Training on recognizing phishing attempts reduces the risk of falling victim.
  • Segregate cryptocurrency holdings: Use cold wallets or offline storage for long-term holdings to minimize exposure.

FAQ

Who is Tylerb and what was his role in Scattered Spider?

Tyler Robert Buchanan, aka "Tylerb," was a senior member responsible for orchestrating phishing campaigns that compromised major tech companies and facilitated cryptocurrency theft.

How did the phishing attacks work?

The attacks used targeted SMS messages to deceive employees into revealing login credentials or installing malware, enabling unauthorized network access.

Am I affected if I work in tech or invest in cryptocurrency?

If you were employed at one of the compromised companies or held cryptocurrency with affected investors, you could be at risk. It's critical to review your accounts and follow security best practices.

What legal consequences does Buchanan face?

By pleading guilty, Buchanan faces sentencing for wire fraud conspiracy and aggravated identity theft, which carry significant prison terms and fines.

How can companies prevent similar attacks?

Implementing multi-factor authentication, conducting regular phishing simulations, adopting zero-trust security models, and educating employees are key preventive measures.

What makes text-message phishing particularly dangerous?

SMS messages often bypass email filters and can appear more personal, increasing the likelihood of victims trusting and acting on malicious content.

Has Scattered Spider been dismantled?

While key members like Buchanan have been apprehended, cybercrime groups often evolve. Continuous vigilance and law enforcement efforts remain crucial.

What should I do if I suspect my account was compromised?

Immediately change passwords, enable MFA, monitor for suspicious activity, and report the incident to your organization's security team or relevant authorities.

Are cryptocurrency exchanges safer now?

Many exchanges have improved security protocols, but users must still practice personal security hygiene to protect their assets.

How is law enforcement combating groups like Scattered Spider?

Through international cooperation, cybercrime task forces, and advanced digital forensics, authorities are increasingly successful in identifying and prosecuting cybercriminals.

Why this matters

The guilty plea of Tylerb underscores the persistent and evolving threat posed by organized cybercrime groups targeting technology companies and cryptocurrency investors. The scale and sophistication of the 2022 phishing campaign reveal critical vulnerabilities in corporate security and investor protections. As digital assets grow in value and importance, understanding these threats and implementing robust defenses is essential to safeguarding personal and organizational wealth. This case also highlights the importance of international law enforcement collaboration in disrupting cybercriminal networks.

Sources and corroboration - https://securityboulevard.com/2026/04/scattered-spider-member-tylerb-pleads-guilty/

Sources used for this article

helpnetsecurity.com, securityboulevard.com

Artur Ślesik

Founder of HackWatch.io and WEB-NET; Editorial Reviewer

Artur Ślesik is the founder of HackWatch.io and WEB-NET, a real named reviewer with 17+ years of experience building and maintaining web portals.

Coverage focus: Secure web portals, phishing prevention, user-facing recovery guides and practical web-security review

Editorial disclosure: This is a real named founder profile. HackWatch does not claim unverified security certifications, SOC employment history or CERT incident-response credentials for Artur. Security guidance is grounded in public sources, HackWatch tooling and first-hand web-portal experience.

Artur leads this scam alerts coverage lane at HackWatch. This article is maintained as part of the ongoing editorial watch around "Senior ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty to Wire Fraud and Identity Theft".

  • Secure web portals and publishing operations
  • Phishing prevention and account-safety guidance
  • User-facing recovery playbooks