Scottish Man Admits Guilt in $8 Million US Cyber Fraud Scheme
A Scottish man has pleaded guilty to participating in a sophisticated cyber fraud scheme that targeted companies in the United States, resulting in the theft of at least eight million dollars, equivalent to approximately £5.9 million, in virtual currency. Tyler Buchanan, aged 24 and from Dundee, admitted his role in a conspiracy that involved hacking into computer systems of numerous businesses through deceptive text message phishing attacks.
Details of the Fraudulent Operation
The US Department of Justice revealed that Buchanan was part of a group that executed text message phishing campaigns to trick employees into revealing their login credentials. These attacks impersonated the companies themselves or their contracted suppliers, sending hundreds of messages to gain unauthorized access. The stolen credentials were then used to infiltrate computer systems, enabling the theft of cryptocurrency from victims across the United States.
In his plea agreement, Buchanan confessed that between September 2021 and April 2023, the conspirators planned to scam a range of entities, including telecommunications companies, IT suppliers, cloud communications providers, virtual currency firms, and individuals. The group developed a phishing kit designed to capture login credentials entered into fraudulent websites by employees, with the stolen data transmitted to an online Telegram channel managed by Buchanan and another co-conspirator.
Evidence and Legal Proceedings
During the investigation, authorities seized a device from Buchanan's home in Scotland, which contained sensitive information such as the names and addresses of multiple victims, along with a text file holding cryptocurrency seed phrases and login credentials for one victim's account. Buchanan pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft, charges that carry significant penalties.
He has been in US federal custody since April 2025 and is scheduled for sentencing on August 21, facing a maximum sentence of 22 years in prison. The case highlights the international nature of cybercrime, with Police Scotland among several agencies that assisted the FBI in the investigation.
Broader Impact and Co-Conspirators
Three other defendants from the United States are still facing criminal charges in connection with this scheme, according to the DOJ. Another co-conspirator, Noah Michael Urban, pleaded guilty in April 2025 to three fraud-related charges and is currently serving a 10-year prison sentence. Urban was also ordered to pay 13 million dollars, about £9.6 million, in restitution to the victims.
This case underscores the growing threat of cyber fraud and the importance of robust cybersecurity measures to protect against phishing attacks. The involvement of international law enforcement agencies demonstrates the collaborative efforts required to combat such crimes, which often span multiple jurisdictions and involve complex digital tactics.
