UK Man Pleads Guilty to $8m Crypto Heist Targeting US Victims

A man from Scotland who stole about $8 million in cryptocurrency from companies through an SMS phishing scheme has pleaded guilty to his crimes.

The attacks hit over a dozen companies, affecting many regular people’s digital currency wallets all over the US.

Details of the SMS Phishing Scheme

A 24 years old guy named Tyler Robert Buchanan from Scotland pleaded guilty on Friday.

Buchanan worked with others to break into at least twelve companies. They carted away at least $8 million in cryptocurrency. Buchanan’s been behind bars since last April and is going to receive his sentencing on August 21. There’s a chance he might get 2 decades in prison.

The group sent many actors numerous fake SMS messages. The texts looked real and seemed to come from the worker’s own company. Sometimes the texts pretended to be from an IT supplier, making the workers trust them.

They embedded links in each of the text messages. The links led users to fake websites that appeared to be genuine company login pages. The employees would enter their login details not knowing it’s a fake page and everything is going to scammers.

Meanwhile, the group engineered a specialized “phishing kit” to collect this information. All the stolen logins went to a Telegram channel. Buchanan ran that channel with another person.

Once inside company systems, they grabbed all kinds of stuff. They took secret work files, stole ideas, and plans. They also took personal info like names, email addresses, and phone numbers.

The SIM Swapping Trick That Drained Crypto Wallets

Buchanan and his crew used the stolen company data to find people with crypto accounts. They looked for digital wallets they could empty. To break into those wallets, they used something called SIM swapping.

For context, a SIM swap is when a criminal tricks your phone company. They convince the company to move your phone number to a SIM card they own.

Suddenly, all your calls and texts go to the hacker instead of going to you. While SIM swapping targets phone carriers, other attackers are going after iOS devices directly, researchers have uncovered a ‘DarkSword’ iOS exploit targeting credentials and crypto wallets, demonstrating that whether through social engineering or sophisticated software exploits, crypto assets are under constant attack from multiple angles.

This trick helps the attacker to bypass two-factor authentication. Those codes your bank texts you to check if it’s really you logging in will now go straight to the hacker. Those codes are there to protect you. Instead, they became the key to stealing millions for the hacker.

The Evidence that Busted the Operation

Upon searching Buchanan’s residence in Scotland, officers found a digital device containing names and addresses of a lot of his victims.

One text file contained crypto seed phrases and a victim’s account login credentials. Seed phrases are master keys to crypto wallets. Having them means the scammer can take everything in the wallet.

The total amount stolen? At least $8 million in virtual currency, all from regular people across the United States.

His Partners in Crime

About four other individuals helped Buchana to carry out the theft. One is a 21-year old man named Noah Michael Urban (A.K.A Sosa or Elijah), who hails from Palm Coast in Florida. Urban pleaded guilty last April. He is currently in prison and will be spending a total of 1o years there. Plus, he has to restitute $13 million, according to court order.

Three other people still face charges. Ahmed Hossam Eldin Elbadawy, 24, from College Station, Texas. Then there’s Evans Onyeaka Osiebo, 21, from Dallas, Texas. Also, there’s Joel Martin Evans, 26, from Jacksonville, North Carolina.

The FBI is leading the entire investigation. They got help from Police Scotland. Spanish national police helped too. A lot of FBI field offices, including Charlotte, Dallas, Houston, and Portland, also contributed.

Asst. US Attorney Lauren Restrepo is the one handling this case. As for Buchanan’s sentencing, Judge John W. Holcomb will decide on it this summer.