Scottish Hacker Admits to $8 Million Cryptocurrency Theft Targeting American Victims

A Young Man’s Digital Crime Spree Comes to an End

In a case that underscores the growing threat of sophisticated cybercrime, a 24-year-old man from Scotland has admitted to masterminding an elaborate hacking operation that drained $8 million in virtual currency from unsuspecting victims throughout the United States. Tyler Robert Buchanan, a resident of Dundee, Scotland, stood before a federal court in California’s Central District and pleaded guilty to serious charges that could reshape the remainder of his young life. The charges he admitted to—conspiracy to commit wire fraud and aggravated identity theft—carry severe consequences that reflect the seriousness with which American authorities treat cyber-enabled crimes. According to the U.S. Department of Justice, Buchanan’s admission marks a significant victory in the ongoing battle against international cybercriminals who exploit digital vulnerabilities to prey on innocent people. His case serves as a stark reminder that despite the anonymous nature of online activity, law enforcement agencies have developed sophisticated methods to track down those who believe they can hide behind screens and steal with impunity.

The Anatomy of a Modern Phishing Scheme

The criminal operation that Buchanan and his accomplices orchestrated ran for nearly two years, from September 2021 through April 2023, demonstrating a sustained and organized effort to defraud victims. The methods they employed were disturbingly simple yet devastatingly effective, relying on a tactic known as phishing—a form of social engineering that tricks people into voluntarily handing over their sensitive information. The scheme worked by sending text messages to employees at various companies, with the messages carefully crafted to appear as though they came from legitimate sources such as the victim’s employer or a trusted business supplier. These weren’t random spam messages that most people would instantly recognize as fraudulent; instead, they were targeted communications designed to create a sense of urgency and alarm. The messages typically warned recipients that their work accounts were about to be deactivated or suspended, prompting immediate action. This created a psychological pressure that made victims more likely to act without thinking critically about whether the message was genuine. The texts contained links that, when clicked, directed victims to websites that looked remarkably similar to legitimate company portals or service provider pages—so convincing that even cautious individuals might be fooled.

From Stolen Credentials to Empty Wallets

Once victims entered their login credentials, passwords, and other personal information on these fraudulent websites, Buchaman and his co-conspirators had everything they needed to access the victims’ digital assets. The criminal group specifically targeted people’s virtual currency wallets—digital storage systems for cryptocurrencies like Bitcoin, Ethereum, and other digital assets that have become increasingly valuable in recent years. With the stolen credentials in hand, the hackers could bypass security measures and transfer funds out of victims’ accounts and into wallets controlled by the criminal operation. The speed and efficiency with which cryptocurrency transactions can be executed made this type of theft particularly devastating for victims, as digital currency transfers are often irreversible once completed. Unlike traditional banking fraud, where institutions can sometimes freeze accounts or reverse transactions when fraud is detected, cryptocurrency’s decentralized nature makes recovery extremely difficult if not impossible. Federal prosecutors revealed that Buchanan and his criminal network cast a wide net, targeting at least 45 different companies across multiple countries. While their primary focus was on American victims, they also went after individuals and organizations in Canada, India, and the United Kingdom, demonstrating the truly international scope of their operation.

A Criminal Network Spanning Continents

Buchanan didn’t work alone in executing this sophisticated fraud scheme. Federal prosecutors have identified three additional co-conspirators who allegedly worked alongside the Scottish hacker to carry out the multimillion-dollar theft. These individuals are Ahmed Hossam Eldin Elbadawy, 24, who went by the online alias “AD” and resided in College Station, Texas; Evans Onyeaka Osiebo, 21, from Dallas, Texas; and Joel Martin Evans, 26, known in online circles as “joeleoli,” who lived in Jacksonville, North Carolina. Unlike Buchanan, who has accepted responsibility for his role in the scheme by pleading guilty, these three co-conspirators continue to face criminal charges and have not yet been convicted. The case illustrates how modern cybercrime often involves networks of individuals working together across vast distances, coordinating their activities through digital communications and dividing responsibilities to maximize their criminal efficiency. These weren’t opportunistic hackers working independently; they were an organized group that likely divided tasks such as crafting convincing phishing messages, creating fake websites, managing stolen credentials, and transferring stolen cryptocurrency. Buchanan now awaits his sentencing hearing, scheduled for August 21, where a federal judge will determine his punishment. He faces a maximum penalty of 22 years in federal prison—more than two decades behind bars for crimes committed largely from behind a computer screen—a sentence that reflects both the financial damage caused and the violation of trust inherent in identity theft.

The Broader Epidemic of Cyber-Enabled Crime

Buchanan’s case, while significant in its own right, represents just one example of a much larger and deeply concerning trend that’s affecting millions of Americans and people around the world. The Federal Bureau of Investigation released a comprehensive report in April that painted an alarming picture of the current state of cybercrime in America. According to the FBI’s findings, cyber-enabled crimes defrauded Americans of nearly $21 billion in 2025 alone—a staggering figure that represents countless individual victims who lost money, personal information, and peace of mind to digital criminals. The report highlighted that scammers have become increasingly sophisticated in their methods, leveraging social media platforms, text messaging systems, and even artificial intelligence technologies to make their schemes more convincing and harder to detect. Social media has become a particularly fertile hunting ground for criminals, as these platforms contain vast amounts of personal information that can be used to create targeted, personalized scams that appear legitimate. The integration of AI into criminal operations has added another layer of concern, as these technologies can be used to create convincing fake voices, images, and even video content that makes fraudulent communications seem authentic.

Protecting Vulnerable Americans in the Digital Age

Perhaps most troubling is the FBI report’s finding that Americans over the age of 60 have become the most vulnerable demographic when it comes to cyber-enabled fraud. This group of older Americans reported approximately $7.7 billion in losses during the past year—a shocking 37% increase compared to 2024. This dramatic rise in victimization among seniors raises important questions about digital literacy, the design of online security systems, and the responsibility of technology companies to protect users who may be less familiar with the warning signs of online fraud. Older Americans often have substantial retirement savings and home equity that make them attractive targets for criminals, and they may be less familiar with the tactics that scammers employ or the red flags that might alert a more digitally-savvy person to a potential scam. As cases like Buchanan’s demonstrate, the consequences of cybercrime extend far beyond simple financial loss—victims often experience emotional trauma, loss of trust, and lasting psychological effects from the violation of having their personal information stolen and exploited. The guilty plea entered by this young Scottish hacker may bring some measure of justice for his victims, but it also serves as a sobering reminder that in our increasingly connected digital world, the threats we face are constantly evolving, and protection requires vigilance, education, and robust law enforcement cooperation across international borders.