A British hacker pleaded guilty Friday in U.S. federal court to participating in a sweeping cybercrime campaign that siphoned at least $8 million in cryptocurrency from companies and individuals, federal prosecutors said.

Tyler Robert Buchanan, 24, of Dundee, Scotland, admitted to one count of conspiracy to commit wire fraud and one count of aggravated identity theft, according to the Department of Justice.

He previously was described as the suspected ringleader of a hacking collective tracked as “Scattered Spider” and was arrested at Palma Airport in Spain in June 2024 as he prepared to board a flight to Italy.

Scattered Spider poses a unique challenge for law enforcement because it is structured more as a loose collective than a traditional cybercrime organization. Unlike other financially motivated groups based in Russia, its members are often native English speakers, which enhances their ability to carry out social engineering attacks.

Buchanan was named among a group of five defendants accused of running prolific phishing campaigns that allowed them to steal employee credentials, gain access to sensitive data and steal millions of dollars, according to an indictment unsealed in November 2024.

Prosecutors said Buchanan was part of the group that carried out a ransomware attack on MGM Resorts, along with attacks on at least a dozen other companies across sectors including telecommunications, technology and virtual currency services. Other victims include Coinbase, Twilio, Mailchimp and LastPass.

According to court documents, the conspirators used SMS phishing, also known as “smishing,” to gain access to victims’ accounts. They sent hundreds of deceptive text messages to employees, posing as legitimate company communications or third-party service providers.

Victims who clicked the fraudulent links were directed to spoofed websites designed to harvest login credentials. Those credentials were then used to infiltrate company systems and access sensitive data, including virtual currency accounts.

Authorities said the stolen login details were shared through online channels, including messaging platforms, enabling the group to coordinate intrusions and thefts.

The scheme resulted in losses of at least $8 million in virtual currency from victims across the United States, according to federal prosecutors.

Investigators said the targets extended beyond corporations to include individual victims, and in some cases involved sensitive personal information such as cryptocurrency “seed phrases” and account credentials recovered from seized devices.

Buchanan has been in U.S. federal custody since April 2025 and is scheduled to be sentenced later this year. He faces a maximum penalty of up to 22 years in prison.

One of Buchanan’s co-defendants, Noah Michael Urban, is currently serving a 10-year federal prison sentence after pleading guilty last April.

The other three alleged co-conspirators — Ahmed Hossam Eldin Elbadawy, 24, of Texas; Evans Onyeaka Osiebo, 21, of Dallas; and Joel Martin Evans, 26, of North Carolina — also have been charged and remain awaiting prosecution.