04/17/2026 | Press release | Distributed by Public on 04/17/2026 16:34
SANTA ANA, California - A United Kingdom man pleaded guilty today to conspiring with others to hack into the computer systems of at least a dozen companies via text message phishing attacks and to steal at least $8 million in virtual currency from individual victims throughout the United States.
Tyler Robert Buchanan, 24, of Dundee, Scotland, pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft.
Buchanan has been in federal custody since April 2025.
According to his plea agreement, from September 2021 to April 2023, Buchanan and other individuals conspired to conduct cyber intrusions and virtual currency thefts. The victims and intended victims included interactive entertainment companies, telecommunications companies, technology companies, business process outsourcing (BPO) and information technology (IT) suppliers, cloud communications providers, virtual currency companies, and individuals.
Buchanan and his co-conspirators defrauded at least a dozen companies and their employees as well as individual victims throughout the U.S.
As part of the scheme, Buchanan and his co-conspirators conducted Short Message Service (SMS) phishing attacks by sending hundreds of SMS phishing messages to the mobile telephones of a victim company's employees. The messages purported to be from the victim company or a contracted IT or BPO supplier for the victim company.
The SMS phishing messages contained links to phishing websites designed to look like legitimate websites of a victim company or a contracted IT or BPO supplier. The websites then lured the recipient into providing confidential information, including personal identifying information (PII), and account usernames and passwords.
Buchanan and his co-conspirators then used the stolen credentials to access the accounts of a victim company's employees and the victim company's computer systems to steal confidential company information. For some victim companies, this stolen information included confidential work product, intellectual property, and PII such as account access credentials, names, email addresses, and telephone numbers.
The conspirators created a phishing kit that captured login credentials entered into the fraudulent phishing websites by a victim company's employees. The stolen credentials were then transmitted to an online Telegram channel administered by Buchanan and another co-conspirator.
Buchanan admitted in his plea agreement that in April 2023 at his residence in Scotland, he possessed files related to numerous victim companies.
Buchanan further admitted that he and several co-conspirators used the information stolen from company intrusions to identify and gain access to virtual currency accounts and wallets belonging to individual victims to steal millions of dollars' worth of virtual currency.
To gain access to individual victims' virtual currency wallets and accounts, and bypass two-factor authentication security features, Buchanan and others gained unauthorized access to victims' online accounts and conducted Subscriber Identity Module (SIM) swaps of victims' mobile telephone numbers to devices that the conspirators controlled.
"SIM swapping" is a technique in which a criminal fraudulently induces a mobile carrier to reassign a cell phone number from the legitimate subscriber's SIM card to a SIM card controlled by another without the legitimate subscriber's authorization or knowledge. This process allows a criminal to intercept two-factor authentication codes sent to the victim via phone call or SMS, and to gain access to the victim's various accounts.
In April 2023, on a digital device found at Buchanan's Scotland residence, he possessed the names and addresses of numerous individual victims, including a text file that contained cryptocurrency seed phrases and login information for one victim's account.
Buchanan admitted in his plea agreement that the scheme involved the theft of at least $8 million worth of virtual currency assets from individual victims located throughout the United States.
United States District Judge John W. Holcomb scheduled an August 21 sentencing hearing, at which time Buchanan will face a statutory maximum sentence of 22 years in federal prison.
A co-conspirator, Noah Michael Urban, 21, a.k.a. "Sosa" and "Elijah," of Palm Coast, Florida, is serving a 10-year federal prison sentence and was ordered to pay $13 million in restitution. Urban pleaded guilty in April 2025 to three fraud-related counts.
The other three defendants charged with Buchanan - Ahmed Hossam Eldin Elbadawy, 24, a.k.a. "AD," of College Station, Texas; Evans Onyeaka Osiebo, 21, of Dallas, Texas; and Joel Martin Evans, 26, a.k.a. "joeleoli," of Jacksonville, North Carolina - still face criminal charges in this case.
The FBI is investigating this matter. The United States Attorney's Office for the Eastern District of North Carolina; the Department of Justice's Office of International Affairs; Police Scotland; Cuerpo Nacional de Policía (Spain); and the FBI field offices in Charlotte, Dallas, Houston, and Portland provided assistance during this investigation.
Assistant United States Attorney Lauren Restrepo of the National Security Division is prosecuting this case.