A member of the infamous cybercrime group Scattered Spider has been sentenced to ten years in prison and ordered to pay $13 million in restitution for a string of cryptocurrency thefts carried out through SIM swapping attacks.

Noah Michael Urban, only 20 years old, operated under several aliases, including Sosa and Elijah. He was arrested in Florida in January 2024 and later pleaded guilty to wire fraud and aggravated identity theft. Urban and his co-conspirators targeted both individuals and companies, using SIM swapping tactics to hijack mobile phone numbers, gain access to cryptocurrency wallets, and drain digital assets from unsuspecting victims. The Department of Justice reported that these actions resulted in the theft of at least $800,000 from multiple victims between August 2022 and March 2023.

Scattered Spider, also known as Muddled Libra, Octo Tempest, and UNC3944, is a collective notorious for social engineering attacks that exploit human vulnerabilities rather than technical flaws. Their methods include impersonating IT staff to trick employees into surrendering credentials or MFA codes, enabling the hackers to infiltrate company networks, steal sensitive data, and extort money. The group has historically targeted large organizations in sectors such as hospitality, telecommunications, and retail, and has been linked to high-profile breaches across the US and UK.

Urban’s sentencing marks the first major conviction for the group, but authorities believe Scattered Spider may comprise hundreds of members, many of them young men from Western countries. Law enforcement agencies continue to investigate and arrest other suspected members in the effort to stem the group’s sophisticated and persistent cyberattacks.

The case underscores the enormous financial and personal impact cybercrime can have on victims, with some losing their life savings or funds set aside for major life events. It also highlights the ongoing challenge organizations face as criminals develop ever more deceptive social engineering tactics to bypass even advanced security controls.