British man pleads guilty in U.S. cybercrime case tied to $8 million cryptocurrency theft
5 min. read 
Published on
A British national has pleaded guilty in the United States for his role in a cybercrime operation that hacked company systems, stole sensitive data, and used that information to take at least $8 million in cryptocurrency from victims across the country. U.S. prosecutors say the scheme combined SMS phishing, corporate network intrusions, and SIM swapping to break into both business and personal accounts.
Tyler Robert Buchanan, 24, of Dundee, Scotland, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft in federal court in California on April 17, 2026. He has remained in federal custody since April 2025, and U.S. District Judge John W. Holcomb set sentencing for August 21. Prosecutors say he faces a maximum of 22 years in prison.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
The case matters because it shows how modern cybercrime chains several simple tactics together. Attackers first trick employees with fake text messages, then enter company systems with stolen credentials, and finally use the harvested data to identify people with valuable crypto holdings. From there, SIM swaps can let criminals intercept one-time codes and empty digital wallets.
How the scheme worked
According to Buchanan’s plea agreement, the attacks ran from September 2021 to April 2023 and hit at least a dozen companies and many individual victims in the United States. The targets included technology firms, telecom companies, business process outsourcing providers, cloud communications firms, and virtual currency companies.
Prosecutors say the group sent hundreds of phishing texts that looked like legitimate messages from employers or trusted IT vendors. Those texts led employees to fake login pages built to capture usernames, passwords, and other sensitive details. The stolen credentials were then routed to a Telegram channel that Buchanan and another co-conspirator controlled, which gave the group a quick way to move from phishing to account takeover.
Once inside company systems, the attackers stole internal files, intellectual property, and personal data such as names, email addresses, phone numbers, and account access details. Buchanan also admitted that investigators found files linked to numerous victim companies at his home in Scotland, along with data tied to individual victims, including cryptocurrency seed phrases and login information for at least one account.
Why the crypto losses grew so large
U.S. prosecutors say the stolen company data helped the group identify people who held significant virtual currency assets. The attackers then moved from corporate compromise to personal financial theft, which made the operation far more damaging than a normal credential phishing campaign.
To get past two-factor authentication, the group allegedly carried out SIM swaps. In those attacks, a criminal convinces or tricks a mobile carrier into moving a victim’s phone number to a SIM card under the attacker’s control. That lets the attacker receive verification texts and calls meant for the victim, opening the door to protected accounts, including cryptocurrency wallets. The FBI previously warned that SIM swap schemes have caused millions in losses and often target virtual currency accounts.
The sample article understated the scale of the case. The latest DOJ release says Buchanan admitted the conspiracy stole at least $8 million in virtual currency, not $1 million. It also updates the status of co-conspirator Noah Michael Urban, who is now serving a 10-year federal prison sentence and must pay $13 million in restitution. Three other defendants still face charges.
Case facts at a glance
| Detail | Verified update |
|---|---|
| Defendant | Tyler Robert Buchanan, 24, of Dundee, Scotland |
| Guilty plea | Conspiracy to commit wire fraud and aggravated identity theft |
| Date of plea | April 17, 2026 |
| Scheme period | September 2021 to April 2023 |
| Reported crypto losses | At least $8 million |
| Main tactics | Smishing, credential theft, company intrusions, SIM swapping |
| Sentencing date | August 21, 2026 |
| Maximum sentence | 22 years in federal prison |
What companies and users should take from this case
- Treat text messages about password resets, account lockouts, or urgent IT actions as suspicious until you verify them through an internal channel.
- Move high-value accounts away from SMS-based authentication where possible and use stronger authentication methods.
- Add a PIN or password to your mobile carrier account to reduce SIM swap risk.
- Never share a verification code sent to your phone, even if the request looks urgent or appears to come from support staff.
- Review exposed corporate data quickly after any intrusion because attackers may use it to target employees and customers outside the company network.
FAQ
He is a 24-year-old man from Dundee, Scotland, who pleaded guilty in U.S. federal court to participating in a cybercrime scheme that stole at least $8 million in virtual currency.
Prosecutors say they used phishing text messages that sent employees to fake login pages, then used stolen credentials to access company accounts and networks.
It is a fraud technique where a criminal gets a phone number transferred to a SIM card they control so they can intercept calls and text-based security codes.
The latest DOJ announcement says the conspiracy stole at least $8 million in virtual currency from victims in the United States.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages