A British man has pleaded guilty in the United States to participating in a coordinated cyber fraud operation that targeted corporate employees and cryptocurrency holders, resulting in the theft of millions of dollars in digital assets. The case centres on 24-year-old Tyler Buchanan from Dundee, who admitted to conspiracy and identity theft offences following a multi-year investigation, The WP Times reports, citing BBC News.
According to the US Department of Justice, the scheme ran between September 2021 and April 2023 and relied on large-scale SMS phishing campaigns to gain access to corporate systems. Investigators say Buchanan and his co-conspirators sent deceptive text messages to employees at companies in sectors including technology, telecommunications and entertainment, directing them to fraudulent websites designed to capture login credentials. Once access was obtained, the group moved within internal systems, extracted sensitive data and accessed cryptocurrency accounts, ultimately stealing at least $8m (£5.9m) from victims across the United States.
Prosecutors said the operation was structured around social engineering rather than technical intrusion, reflecting a broader shift in cybercrime tactics. By using messages that appeared to come from trusted internal or service sources, attackers were able to bypass traditional security barriers and rely instead on human error. With valid credentials, they could enter corporate environments undetected, escalate access and identify high-value targets, including digital wallets and internal databases containing financial information.
Digital evidence recovered from Buchanan’s home in Scotland played a central role in the case. Authorities said devices seized during the investigation contained files with names, addresses and highly sensitive cryptocurrency data, including seed phrases and login details linked to victims. In his plea agreement, Buchanan admitted that this information was used to facilitate the theft of digital assets on a significant scale, with seed phrases allowing direct control over cryptocurrency wallets and enabling rapid transfer of funds.
The case is also linked to the wider cybercrime network Scattered Spider, which US authorities have associated with a series of high-profile breaches involving major companies. Among those identified as connected to the investigation is Noah Michael Urban, who previously pleaded guilty to fraud-related offences and is serving a 10-year federal prison sentence, alongside a restitution order of $13m. Prosecutors said additional defendants in the United States, all in their 20s, continue to face charges as part of the same case, which remains under investigation by the Federal Bureau of Investigation.
Buchanan has been in US federal custody since April 2025 and pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft. He is scheduled to be sentenced on 21 August and faces a maximum penalty of 22 years in prison. The case underscores the increasing scale and sophistication of cyber-enabled financial crime, particularly in the cryptocurrency sector, where stolen assets can be transferred quickly across jurisdictions and are often difficult to recover once moved.
Read about the life of Westminster and Pimlico district, London and the world. 24/7 news with fresh and useful updates on culture, business, technology and city life: USS Tripoli deployment food crisis: marines report shortages as Iran war disrupts supply lines