A British hacker has pleaded guilty to orchestrating a cybercrime scheme that stole $8 million in virtual currency from victims in the United States. Tyler Robert Buchanan, 24, of Dundee, Scotland, admitted to one count of conspiracy to commit wire fraud and one count of aggravated identity theft in federal court. The U.S. Department of Justice (DOJ) stated that Buchanan and his co-conspirators used text message phishing attacks to trick employees into disclosing their login credentials, enabling unauthorized access to company systems.
Buchanan is scheduled to be sentenced on August 21 and faces a maximum penalty of 22 years in federal prison. The DOJ alleged that the group targeted at least 45 companies in the U.S. and abroad, including Canada, India, and the United Kingdom, between September 2021 and April 2023. A device seized at Buchanan’s home contained names and addresses of multiple victims, as well as cryptocurrency seed phrases and login credentials.
The conspirators created a phishing kit that captured login credentials entered into fraudulent websites by victim company employees. The stolen credentials were then transmitted to an online Telegram channel administered by Buchanan and another co-conspirator. Buchanan has been in U.S. federal custody since April 2025.
Federal prosecutors identified three co-conspirators still facing criminal charges: Ahmed Hossam Eldin Elbadawy, 24, of College Station, Texas; Evans Onyeaka Osiebo, 21, of Dallas, Texas; and Joel Martin Evans, 26, of Jacksonville, North Carolina. The case highlights a broader trend of cyber-enabled crime, with the FBI reporting that such crimes defrauded Americans of nearly $21 billion in 2025.