British Hacker Pleads Guilty in $8M Cryptocurrency Theft Scheme Linked to "Scattered Spider" Collective
A 24-year-old British hacker, Tyler Robert Buchanan of Dundee, Scotland, pleaded guilty in U.S. federal court to conspiracy to commit wire fraud and aggravated identity theft for his role in a cybercrime campaign that stole at least $8 million in cryptocurrency. Buchanan, identified as a suspected leader of the hacking collective Scattered Spider, was arrested in June 2024 at Palma Airport in Spain while attempting to travel to Italy.
Scattered Spider operates as a decentralized group, distinguishing itself from traditional cybercrime organizations by consisting largely of native English speakers, which enhances its social engineering capabilities. Buchanan was among five defendants charged in November 2024 with orchestrating phishing campaigns that compromised employee credentials, enabling data theft and financial fraud.
The group targeted high-profile victims, including MGM Resorts, Coinbase, Twilio, Mailchimp, and LastPass, as well as at least a dozen other companies across telecommunications, technology, and cryptocurrency sectors. Their tactics involved smishing sending fraudulent SMS messages impersonating legitimate entities to trick employees into entering login details on spoofed websites. Stolen credentials were then used to infiltrate corporate systems and access sensitive data, including virtual currency accounts.
Prosecutors revealed that the conspirators shared stolen credentials via online messaging platforms, coordinating intrusions that extended to individual victims. Some attacks involved the theft of cryptocurrency seed phrases and account details recovered from seized devices.
Buchanan has been in U.S. custody since April 2025 and faces up to 22 years in prison. One co-defendant, Noah Michael Urban, is already serving a 10-year sentence after pleading guilty in April 2024. The remaining three alleged conspirators Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo, and Joel Martin Evans remain awaiting trial.
Source: https://therecord.media/hacker-scattered-spider-guilty-plea
MGM Resorts International cybersecurity rating report: https://www.rankiteo.com/company/mgm-resorts-international
"id": "MGM1776687917",
"linkid": "mgm-resorts-international",
"type": "Cyber Attack",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Hospitality, Entertainment',
'name': 'MGM Resorts',
'type': 'Corporation'},
{'industry': 'Cryptocurrency, Financial Services',
'name': 'Coinbase',
'type': 'Corporation'},
{'industry': 'Technology, Communications',
'name': 'Twilio',
'type': 'Corporation'},
{'industry': 'Technology, Marketing',
'name': 'Mailchimp',
'type': 'Corporation'},
{'industry': 'Technology, Cybersecurity',
'name': 'LastPass',
'type': 'Corporation'},
{'industry': 'Telecommunications',
'name': 'Telecommunications companies',
'type': 'Corporation'}],
'attack_vector': 'Smishing (fraudulent SMS messages), Credential Theft, '
'Social Engineering',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (PII, financial data)',
'type_of_data_compromised': 'Employee credentials, '
'cryptocurrency seed phrases, '
'virtual currency account '
'details'},
'description': 'A 24-year-old British hacker, Tyler Robert Buchanan, pleaded '
'guilty to conspiracy to commit wire fraud and aggravated '
'identity theft for his role in a cybercrime campaign that '
'stole at least $8 million in cryptocurrency. Buchanan, a '
'suspected leader of the hacking collective *Scattered '
'Spider*, was arrested in June 2024 and targeted high-profile '
'victims including MGM Resorts, Coinbase, Twilio, Mailchimp, '
'and LastPass using smishing and credential theft tactics.',
'impact': {'data_compromised': 'Employee credentials, cryptocurrency seed '
'phrases, virtual currency account details',
'financial_loss': '$8 million',
'identity_theft_risk': 'High',
'systems_affected': 'Corporate systems, cryptocurrency accounts'},
'initial_access_broker': {'entry_point': 'Smishing, credential theft',
'high_value_targets': 'Corporate employees, '
'cryptocurrency accounts'},
'investigation_status': 'Ongoing (some defendants awaiting trial)',
'motivation': 'Financial gain',
'post_incident_analysis': {'root_causes': 'Social engineering, lack of '
'employee awareness, credential '
'theft'},
'references': [{'source': 'U.S. federal court documents'}],
'regulatory_compliance': {'legal_actions': 'Conspiracy to commit wire fraud, '
'aggravated identity theft'},
'response': {'law_enforcement_notified': 'Yes (U.S. federal court '
'involvement)'},
'threat_actor': 'Scattered Spider (decentralized hacking collective)',
'title': 'British Hacker Pleads Guilty in $8M Cryptocurrency Theft Scheme '
"Linked to 'Scattered Spider' Collective",
'type': 'Cryptocurrency Theft, Phishing, Identity Theft',
'vulnerability_exploited': 'Employee credentials via spoofed websites'}