A British national tied to the Scattered Spider cybercrime group pleaded guilty to hacking multiple companies via SMS phishing and stealing over $8 million in virtual currency from US victims.

Tyler Robert Buchanan, 24, of Dundee, Scotland, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft.

In November 2024, US authorities unsealed criminal charges against Buchanan and four other alleged members of the Scattered Spider group, accusing them of using phishing text messages to steal employee credentials, breach company systems and steal cryptocurrency.

According to court documents, Buchanan and his co-conspirators conducted cyber intrusions and virtual currency thefts between September 2021 and April 2023.

The victims included interactive entertainment, telecommunications and technology companies, as well as business process outsourcing (BPO) and IT service providers, cloud communications firms, virtual currency companies and individual victims.

“As part of the scheme, Buchanan and his co-conspirators conducted Short Message Service (SMS) phishing attacks by sending hundreds of SMS phishing messages to the mobile telephones of a victim company’s employees. The messages purported to be from the victim company or a contracted IT or BPO supplier for the victim company,” the Justice Department said.

“The SMS phishing messages contained links to phishing websites designed to look like legitimate websites of a victim company or a contracted IT or BPO supplier. The websites then lured the recipient into providing confidential information, including personal identifying information (PII), and account usernames and passwords.”

In April 2023, police found on a digital device at Buchanan’s residence in Scotland the names and addresses of numerous victims, including a text file containing cryptocurrency seed phrases and login credentials for one account.

Buchanan has been in federal custody since April 2025 and faces up to 22 years in federal prison.

Co-conspirator Noah Michael Urban is serving a 10-year federal prison sentence and was ordered to pay $13 million in restitution after pleading guilty in April 2025 to fraud-related charges. Three other defendants charged alongside Buchanan, including Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo and Joel Martin Evans, still face criminal charges in the case.

Scattered Spider is a cybercrime collective, also known as UNC3944, Muddled Libra and Octo Tempest, made up largely of young, native English-speaking hackers who use social engineering, including impersonating IT and help-desk staff, to gain initial access, bypass MFA, and compromise enterprise networks.

The group gained notoriety for its role in high-profile hacking and extortion attacks against Caesars Entertainment and MGM Resorts International, two of the largest casino operators in the US.

Although authorities have increased pressure on the group and arrested several members, including four they consider responsible for ransomware attacks targeting UK-based retailers last year, the group continues to operate, with new members replacing those arrested.

Key Takeaways:

• Ripple outlines a phased roadmap to prepare XRPL for quantum-era cryptography risks.
• Industry momentum grows as XRPL testing highlights performance and security tradeoffs.
• Developers at Ripple will expand testing to balance innovation with network stability.

Ripple Maps Quantum Security Strategy

Ripple’s post-quantum strategy reflects a growing shift in blockchain security as quantum computing risks gain credibility. The company’s latest Insight, published April 20 by Senior Director of Engineering Ayo Akinyele, outlined a structured roadmap to prepare the XRP Ledger for future cryptographic disruption while preserving network performance.

The Insight stated:

“Ripple is introducing a multi-phase roadmap to prepare the XRP Ledger (XRPL) for a post-quantum future, with a target for full readiness by 2028.”

It also detailed collaboration efforts: “Ripple is working with Project Eleven to accelerate development, including validator testing and early custody prototypes.”

Akinyele explained that quantum security is becoming more relevant because blockchain networks rely on cryptographic systems that could eventually be broken by sufficiently advanced quantum computers. On XRPL, each signed transaction reveals a public key on-chain, which could weaken long-term wallet security in a post-quantum environment.

He also pointed to the “harvest now, decrypt later” threat, where attackers collect cryptographic data today and wait for future quantum capabilities to exploit it. While this does not indicate an immediate failure of current protections, it increases the urgency of preparing systems that secure long-duration value. These risks reinforce the need for early testing of quantum-resistant cryptographic systems and structured migration planning.

XRPL Testing Targets Long-Term Stability

Ripple’s roadmap consists of four phases, starting with contingency planning for a potential failure of existing cryptographic standards. This includes a “Quantum-Day” framework designed to enable secure migration to post-quantum accounts if vulnerabilities emerge. Additional phases focus on evaluating National Institute of Standards and Technology (NIST)-recommended algorithms under real network conditions, measuring impacts on throughput, storage, and verification efficiency. XRPL’s native features, including key rotation and deterministic key generation, provide a technical advantage by enabling gradual migration without forcing users to abandon existing accounts. Parallel testing on development networks will allow developers to assess performance tradeoffs before broader implementation.

The senior director of engineering emphasized long-term execution and coordination, stating:

“We should not view addressing the quantum threat on XRPL as a single upgrade, but rather a multi-phased strategy of carefully migrating a live, global financial infrastructure without compromising the value of digital assets protected by the XRPL.”

Akinyele indicated that achieving post-quantum readiness requires balancing cryptographic innovation with operational stability, ensuring the network remains efficient while adapting to future security challenges.

Stablecoins — crypto assets pegged to fiat currencies like the dollar — “raise serious risks for financial integrity and can facilitate regulatory circumvention,” the head of the Bank for International Settlements (BIS) said in a speech in Japan Monday (April 20).

The fast-rising use of stablecoins could also “make it easier to evade capital controls” in emerging markets (EMs) and developing countries trying to keep control on financial flows and heighten “dollarisation risks,” said BIS general manager Pablo Hernández de Cos, whose comments were reported by the Financial Times (FT).

Their increasing popularity “opens up new avenues for tax evasion,” he added, citing estimates that “stablecoins now account for most illicit transactions within the crypto ecosystem.”

According to the FT, the increased worldwide use of dollar-denominated stablecoins was mentioned as a threat to financial stability in EMs by multiple financial policymakers when they convened in Washington last week for the IMF and World Bank meetings.

“There will be a focus on the extent to which it moves into domestic currency substitution,” Andrew Bailey, governor of the Bank of England, said during a financial industry event in D.C.

Bailey, who also chairs the Financial Stability Board, said “the rate of progress” on establishing international rules for stablecoins had slowed.

“If you had asked me a year ago, I would have said we are heading very quickly towards it. But I think it is something that we will have to come to terms with pretty soon,” he added.

Meanwhile, French Finance Minister Roland Lescure said last week that European banks should develop more euro-based stablecoins and tokenized deposits to reduce the region’s dependence on non-European payment providers.

Speaking at a cryptocurrency conference in Paris, Lescure said that the small volume of euro-pegged stablecoins compared to dollar-pegged tokens is “not satisfactory” and that a company formed by a group of European banks to introduce a euro-pegged stablecoin later this year is “what we need and that is what we want.”

In other stablecoin news, PYMNTS wrote last week about the implications of recent security incidents such as the North Korea-linked hack that led to losses of up to $280 million.

“The incidents underscore the fact that major stablecoin issuers retain the technical ability to halt transfers of specific tokens, or even eliminate them entirely through what’s termed as ‘burning,’ often in response to regulatory directives, security incidents or compliance concerns,” PYMNTS wrote.

“For CFOs accustomed to the predictability of bank deposits or money market funds, this can introduce a new category of risk: not market risk, but governance risk embedded in code.”