A 24-year-old British national, Tyler Robert Buchanan, has pleaded guilty to orchestrating a massive cyberattack campaign that compromised over a dozen U.S. companies and resulted in the theft of at least $8 million in cryptocurrency.
According to a Friday announcement from the U.S. Attorney’s Office for the Central District of California, the Scottish hacker admitted to conspiracy to commit wire fraud and aggravated identity theft.
Operating between September 2021 and April 2023, Buchanan and his co-conspirators targeted a wide range of high-value sectors, including telecommunications, interactive entertainment, and cloud communications.
The cybercriminal syndicate relied heavily on social engineering, specifically targeting corporate employees through sophisticated SMS phishing (smishing) campaigns.
The attackers sent text messages posing as internal IT departments or contracted business process outsourcing (BPO) suppliers to trick workers into handing over sensitive access data.
The technical execution of the attack involved several key phases:
After infiltrating corporate networks, the threat actors used the stolen data to identify high-value individuals with significant cryptocurrency holdings.
To access these personal wallets and bypass security measures, the group utilized SIM swapping to defeat SMS-based two-factor authentication (2FA).
SIM swapping involves fraudulently convincing a mobile carrier to reassign a victim’s phone number to a criminal-controlled SIM card. By intercepting 2FA codes sent via text or phone, the hackers successfully drained millions of dollars in virtual currency.
When authorities raided Buchanan’s residence in Scotland in April 2023, they discovered digital devices containing vast databases of victims, cryptocurrency seed phrases, and stolen login credentials.
Buchanan has been in federal custody since April 2025 and is scheduled for sentencing on August 21, where he faces a statutory maximum of 22 years in federal prison.
The broader investigation, spearheaded by the FBI and international law enforcement agencies, including Police Scotland, has already netted other members of the cybercriminal ring.
One notable co-conspirator, 21-year-old Noah Michael Urban, recently pleaded guilty to similar fraud charges. Urban is currently serving a 10-year federal prison sentence and has been ordered to pay $13 million in restitution.
Three other defendants connected to the operation are still facing active criminal charges as the investigation continues.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
Hot this week
GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.
Company
Trending
Categories
Copyright @ 2016 – 2026 GBHackers On Security – All Rights Reserved

source