The alleged hacker and leader of the Scattered Spider group was arrested while trying to escape Spain. Members of the hacking group created a closed leaderboard on Telegram for the number of hacked cryptocurrency accounts, boasting about the stolen assets.

According to the website of the famous American journalist Brian Krebs (Brian Krebs), who is engaged in cybercrime investigations, 22-year-old Tyler Buchanan (Tyler Buchanan), also known as “Tyler”, from England was arrested this week in Spain. He is the leader of the Scattered Spider cybercrime group, which is suspected of hacking companies such as Twilio, LastPass, DoorDash, Mailchimp and nearly 130 other organizations over the past two years, according to authorities.

Spanish newspaper Murcia Today reported that Buchanan was wanted by the FBI and was detained at Palma de Mallorca airport while trying to board a flight to Italy. According to police, he was in control of $27 million worth of hacked cryptocurrency at the time of his arrest.

Buchanan is considered an expert in SIM swapping attacks. With these attacks, attackers gain control of the victim’s phone number and intercept one-time passwords and password reset links sent via SMS. This allows them to access the victim’s accounts.

Scattered Spider has carried out a series of high-profile cyberattacks, starting with the Twilio attack in 2022. They then hacked at least 163 Twilio customers, including the Signal app and Mailchimp. As a result, sensitive data and millions of dollars worth of cryptocurrency were stolen.

The group is also suspected of hacking password storage service LastPass, food delivery service DoorDash and dozens of other tech companies. SMS phishing and hacking of employee accounts were used for attacks.

Buchanan and other members of Scattered Spider are also affiliated with The Com, a cybercriminal collective known for high-profile cryptocurrency thefts and the rankings of those thefts on closed Telegram channels. Some participants, including Buchanan, were physically abused by rival gangs. Rivals specifically hired thugs to break into his home and threatened to burn it down if he did not hand over the keys to his cryptocurrency wallets. Buchanan is thought to have fled England following the attack.