Scattered Spider Leader Pleads Guilty After $8M Crypto Theft via SMS Phishing Across Multiple Industries
What Happened – A 24‑year‑old British hacker identified as the leader of the Scattered Spider cybercrime collective pleaded guilty in U.S. federal court to wire fraud and aggravated identity theft. Prosecutors say he and co‑conspirators stole at least $8 million in cryptocurrency by compromising employee credentials through SMS‑phishing and SIM‑swap attacks on more than a dozen companies between 2021 and 2023.
Why It Matters for TPRM –
- Credential‑theft campaigns targeting third‑party vendors can cascade into large‑scale financial loss.
- SMS‑phishing (SMiShing) demonstrates that traditional MFA via text messages is insufficient for high‑value accounts.
- The case highlights the need for continuous monitoring of supplier security hygiene, especially for cloud‑communication and crypto‑related services.
Who Is Affected – Companies in entertainment, telecommunications, technology, BPO, IT services, cloud communications, virtual‑currency platforms, and their employees.
Recommended Actions –
- Review all vendor contracts for MFA requirements; migrate from SMS‑based MFA to app‑based or hardware tokens.
- Conduct phishing‑resilience testing (including SMiShing) for both internal staff and supplier contacts.
- Verify that suppliers enforce strict SIM‑swap protection and monitor for anomalous wallet activity.
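
One way to act on the MFA and SIM‑swap recommendations above, as an added example that is not from the source article: a Python audit over a constructed MFA enrollment export that flags accounts still reachable through a phone number, including those where SMS or voice is only a fallback next to a stronger factor. The column names, factor labels, and role names are assumptions.

```python
import csv
import io

# Constructed sample of an identity-provider MFA enrollment export.
# Column names, factor labels and role names are assumptions for this example.
SAMPLE_EXPORT = """user,role,factors
alice@example.com,admin,totp;sms
bob@example.com,staff,sms
carol@example.com,admin,webauthn
dave@example.com,staff,totp;webauthn
erin@example.com,treasury,voice;totp
frank@example.com,staff,
"""

PHONE_FACTORS = {"sms", "voice"}          # both follow the phone number after a SIM swap
HIGH_VALUE_ROLES = {"admin", "treasury"}  # assumed labels for high-value accounts


def audit_mfa(export_text):
    """Return findings for accounts whose MFA can be bypassed via the phone number."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        factors = {f.strip().lower() for f in row["factors"].split(";") if f.strip()}
        if not factors:
            issue = "no-mfa"
        elif factors <= PHONE_FACTORS:
            issue = "phone-only"
        elif factors & PHONE_FACTORS:
            # A strong factor does not help while a phone fallback stays enrolled.
            issue = "phone-fallback"
        else:
            continue  # only app-based or hardware factors enrolled
        high = row["role"] in HIGH_VALUE_ROLES or issue == "no-mfa"
        findings.append({"user": row["user"], "issue": issue,
                         "severity": "high" if high else "medium"})
    rank = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: (rank[f["severity"]], f["user"]))


if __name__ == "__main__":
    for f in audit_mfa(SAMPLE_EXPORT):
        print(f"{f['severity']:6} {f['issue']:14} {f['user']}")
```
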
Technical Notes – The attackers used mass‑sent SMS messages that mimicked legitimate corporate or supplier communications, directing recipients to spoofed login pages. Captured credentials enabled SIM‑swap attacks, which transferred crypto assets to wallets under the criminals’ control. No specific CVE was exploited; the vector relied on social engineering and weak authentication controls.
Source: BleepingComputer