Overview
- Tyler Robert Buchanan, 24, entered a guilty plea on Monday in U.S. court and now awaits an August 21, 2026 sentencing with a maximum of 22 years.
- Prosecutors say he hit cloud‑reliant companies by blasting employees with texts that led to fake login pages that captured passwords and personal data.
- The group used a phishing kit that sent stolen credentials to a Telegram channel they ran, which let them quickly use the logins.
- By performing SIM swaps that moved victims’ numbers onto attacker‑controlled SIM cards, they intercepted two‑factor codes and stole at least $8 million in crypto.
- The scheme ran from September 2021 to April 2023, he was arrested in Spain in June 2024, and one co‑conspirator, Noah Urban, is already serving a 10‑year sentence as others face charges.