Tyler Buchanan, from Dundee, Scotland, pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft. According to the Department of Justice, he was involved in a ring that used text message phishing attacks to deceive employees into giving away their login credentials to access computer systems. In his plea agreement, Buchanan admitted that between September 2021 and April 2023, the group planned to scam telecommunications companies, IT suppliers, cloud communications providers, virtual currency firms, and individuals.
Evidence from a device seized at Buchanan's home in Scotland showed he possessed the names and addresses of multiple victims, along with a text file containing cryptocurrency seed phrases and login credentials for one victim's account. The conspirators created a phishing kit that captured login credentials entered into fraudulent phishing websites by a victim company's employees, and the stolen credentials were transmitted to an online Telegram channel administered by Buchanan and another co-conspirator. Buchanan has been in federal custody in the US for a year.
He is scheduled to be sentenced on 21 August and faces a maximum sentence of 22 years in prison. Three other defendants, all from the United States, are still facing criminal charges. Another co-conspirator, Noah Michael Urban, pleaded guilty in April 2025 to three fraud-related charges and is serving a 10-year prison sentence, and was ordered to pay $13 million in restitution.
Police Scotland was one of several agencies providing the FBI with assistance in the investigation.