On Friday, April 17, 2026, a Scottish man admitted in federal court that he helped run an SMS phishing operation that prosecutors say stole at least $8 million in cryptocurrency from victims across the United States. Tyler Robert Buchanan, 24, of Dundee pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft and remains in federal custody. His sentencing is scheduled for Aug. 21, 2026. Prosecutors say the intrusions stretched from September 2021 through April 2023 and hit both companies and individual crypto holders. The case has drawn attention for its mix of old-school social engineering with smishing and SIM swap tactics.
According to MyNewsLA, Buchanan has been in federal custody since April 2025 and admitted in a plea agreement that conspirators blasted out text messages disguised as routine communications from employers or vendors, then funneled recipients to convincing copycat login pages. The outlet reports that alleged victims spanned technology, telecommunications and entertainment companies, business-process outsourcing and information-technology providers, cloud communications firms, virtual-currency companies and individual investors. Prosecutors say stolen credentials were then used to break into employee accounts and, in some instances, to empty virtual currency wallets. Several other defendants are still facing charges in federal court.
One of those co-defendants, Noah Michael Urban, has already learned his fate in a related case. As reported by KrebsOnSecurity, Urban pleaded guilty in April 2025 and was sentenced in August 2025 to 10 years in prison and roughly $13 million in restitution. That earlier case was the first major sentence tied to the broader constellation of hackers that prosecutors and researchers associate with the Scattered Spider community.
How Prosecutors Say The Scheme Worked
Investigators say the crew leaned heavily on "smishing," or text-message phishing, to lure employees to fake authentication pages and then used the stolen credentials to move deeper into corporate systems. As reported by Investing.com, the conspirators also allegedly carried out SIM swap attacks so they could intercept authentication codes and reroute them to devices they controlled, then shuffled funds into attacker-owned wallets. Authorities say they followed domain registrations and other digital traces back to the accused as part of an international probe.
Who's Charged And What's Next
Federal prosecutors named five defendants in the original charging documents: Buchanan, Urban, Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo and Joel Martin Evans. Buchanan's plea covers conspiracy to commit wire fraud and aggravated identity theft, charges that carry a statutory maximum of 22 years in prison at sentencing, according to MyNewsLA. Prosecutors say additional defendants remain in the pipeline and that the FBI led the investigation in coordination with domestic and foreign partners.
Why Experts Say Social Engineering Still Wins
Security researchers keep coming back to the same uncomfortable point: attacking people is usually easier than attacking code. KrebsOnSecurity reported that the group combined smooth-talking social engineering with stolen corporate credentials to sidestep multi-factor authentication and siphon cryptocurrency. Companies and individual crypto investors are being urged to lock down account recovery processes and lean on hardware security keys wherever possible.
Buchanan's plea highlights a broader enforcement push on high-tech, cross-border crypto theft involving U.S. prosecutors, the FBI and international agencies. As Investing.com reported when the indictments were first unsealed, investigators traced domain registrations and money flows while building their case against the defendants.
