Scotland Man Pleads Guilty in Massive $8 Million Crypto-Heist and Phishing Campaign

A 24-year-old Dundee man has admitted his role in a sophisticated international cybercrime ring that utilized SMS phishing and “SIM swapping” to siphon millions of dollars from American victims and major corporations.

Tyler Robert Buchanan pleaded guilty in a United States federal court to conspiracy to commit wire fraud and aggravated identity theft. He has been in federal custody since April 2025.

According to the Department of Justice, Buchanan and his co-conspirators executed a meticulously planned two-stage campaign between September 2021 and April 2023.

The first phase targeted the “human element” of major interactive entertainment, telecommunications, and technology companies. The conspirators sent hundreds of Short Message Service (SMS) phishing messages to employees, appearing to be from their own IT departments or business suppliers.

“The SMS phishing messages contained links to phishing websites designed to look like legitimate websites of a victim company or a contracted IT or BPO supplier,” reads the press release.

These fraudulent sites captured account credentials and transmitted them directly to a Telegram channel controlled by Buchanan.

Once inside corporate systems, the group stole intellectual property and personal identifying information (PII) of customers. They used this stolen data to transition to their secondary objective: Virtual Currency Theft.

To bypass the security features protecting individual crypto wallets, the group utilized a technique known as SIM swapping.

SIM swapping is a technique in which a criminal fraudulently induces a mobile carrier to reassign a cell phone number from the legitimate subscriber’s SIM card to a SIM card controlled by another without the legitimate subscriber’s authorization or knowledge.

By controlling the victims’ phone numbers, Buchanan and his team intercepted two-factor authentication (2FA) codes, allowing them to drain over $8 million in virtual currency assets.

When authorities raided Buchanan’s residence in Scotland in April 2023, they discovered files linked to numerous victim companies and a text file containing cryptocurrency seed phrases for a victim’s account.