British Hacker Admits Role in Million Crypto Theft Scheme

A cyber fraud case stretching across the United States and the United Kingdom has moved closer to sentencing after a 24-year-old British national admitted his role in a scheme that stole at least $8 million in virtual currency from victims in the US.

US prosecutors say Tyler Buchanan of Dundee was part of a coordinated criminal operation that targeted companies and their workers through SMS phishing, a method that uses deceptive text messages to trick people into giving up sensitive account details. The Department of Justice said the campaign ran between September 2021 and April 2023 and hit at least a dozen companies across sectors including entertainment, telecommunications, technology, and virtual currency.

According to the US Department of Justice, the conspiracy led to the theft of at least $8 million, or about £5.9 million, in virtual currency assets from individuals across the United States.

How the fraud operation worked

Prosecutors said Buchanan and his co-conspirators sent hundreds of fraudulent text messages to employees at targeted organisations. The messages were designed to push victims to fake websites where they entered confidential information such as account names and passwords. Once the group secured those credentials, investigators said they used them to enter company systems, obtain sensitive internal information, and move further into the accounts they wanted to exploit.

The Justice Department said the stolen data became a gateway to much larger thefts. In his plea agreement, Buchanan admitted that he and other members of the conspiracy used the information they gathered to steal millions of dollars in virtual currency. The case adds to growing global concern over the increasing sophistication of phishing attacks and the speed with which stolen credentials can be turned into financial losses.

At the centre of the prosecution is a straightforward allegation: this was not a random or isolated cyber intrusion. US authorities say it was an organised effort to target businesses, manipulate employees, and convert digital access into direct financial gain.

• The conspiracy reportedly ran from September 2021 to April 2023
• At least a dozen companies were targeted
• Hundreds of phishing texts were sent to employees
• Victims across the US lost at least $8 million in virtual currency assets

Evidence recovered and charges admitted

Investigators said evidence recovered from Buchanan's home in Scotland strengthened the case against him. A digital device seized there allegedly contained names and addresses of numerous people. Prosecutors also said one file held cryptocurrency seed phrases and login information linked to a victim's account, underscoring the prosecution's claim that the operation had direct access to sensitive materials needed to take control of digital assets.

Buchanan has pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft. Those admissions are significant because they tie him not only to the communications and planning side of the scheme, but also to the use of stolen personal information in carrying out the fraud.

He has been in US federal custody since April 2025 and is due to be sentenced on 21 August. He faces a maximum prison term of 22 years. While sentencing outcomes are determined by the court, the scale of the alleged theft and the structured nature of the operation are likely to remain central to the case as it moves forward.

Buchanan is scheduled for sentencing on 21 August and faces a maximum sentence of 22 years in prison.

The case also connects Buchanan to a wider web of cybercrime prosecutions. In November 2023, US authorities charged him alongside four American men and boys in their teens and twenties over alleged activity tied to Scattered Spider, a cyber-criminal collective that has drawn increasing attention from law enforcement agencies. Prosecutors have not framed the case as a one-man operation. Instead, it is being pursued as part of a broader criminal network that relied on coordination, identity abuse, and digital deception.

Broader crackdown on alleged co-conspirators

The Department of Justice identified 21-year-old Noah Michael Urban as one of Buchanan's co-conspirators. Urban pleaded guilty in April 2025 to three fraud-related offences. He is now serving a 10-year federal prison sentence and was ordered to pay $13 million in restitution. That development signals the aggressive line US prosecutors are taking in a case they appear determined to push through multiple defendants.

Three other defendants, all based in the United States and in their twenties, are also facing criminal charges as the investigation continues. The FBI remains involved, suggesting that authorities still see the matter as active and potentially wider than what has already been made public in court filings and plea agreements.

For businesses, the case is another reminder that cybercrime often begins with a simple message. A text that appears routine can become the entry point for a major breach when staff are not equipped to detect deception quickly. For individuals holding digital assets, it also highlights the fragility of account security when login credentials, seed phrases, and identity data are exposed.

What stands out in this prosecution is the blend of old and new fraud tactics. The lure was familiar: fake messages designed to create trust or urgency. The payoff, however, was firmly rooted in the modern digital economy, where virtual currency can be transferred rapidly and recovered only with difficulty once stolen.

1. Attackers sent phishing texts to employees
2. Victims were directed to fraudulent websites
3. Credentials and other confidential details were collected
4. The information was used to access accounts and company data
5. Virtual currency assets were then stolen from victims in the US

As sentencing approaches, the Buchanan case will be watched not only for the penalty imposed, but also for what it says about the growing willingness of prosecutors to pursue cross-border cybercrime aggressively. The message from US authorities is already clear: cyber fraud operations that cross industries, jurisdictions, and digital platforms will be met with lengthy investigations, international cooperation, and serious prison exposure.

For now, Buchanan's guilty plea closes one chapter of the case. It does not end the wider investigation. With other defendants still before the courts and the FBI continuing its work, the prosecution is still building out the full shape of a fraud network that prosecutors say reached deep into corporate systems and left victims across the United States with losses running into the millions.