Coinbase, Microsoft and Europol Take Down Tycoon 2FA Phishing
A joint operation involving technology firms and law enforcement, including Coinbase, Microsoft and Europol, has disrupted the core infrastructure of Tycoon 2FA, a major phishing-as-a-service operation that enabled criminals to bypass multi-factor authentication (MFA).
Europol said Wednesday that Microsoft assisted in taking down 330 domains associated with Tycoon 2FA, while authorities also seized additional critical infrastructure linked to the platform.
Coinbase stated it supported the action by tracing blockchain transactions used to finance Tycoon 2FA, which helped identify the platform’s suspected administrator and its customers. The company said removing Tycoon’s core infrastructure cuts a significant channel for credential theft and initial access, increasing operational risks for cybercriminals.
Phishing was the second-largest category of losses in 2025, according to blockchain security firm CertiK, which attributed $722 million across 248 incidents to it. A spokesperson for PeckShield said Monday that phishing remains a persistent risk in 2026.
Tools designed to bypass multi-factor authentication
According to Coinbase, Tycoon 2FA supplied spoofed landing pages that imitated legitimate websites to capture user credentials, and it also harvested the session cookies and tokens issued after login, which is what let attackers circumvent MFA. When a user completes MFA, the site issues a session token and the browser stores it as proof that authentication already happened; every later request presents that token instead of repeating the login. An attacker who captures the token can present it from their own machine and be treated as the authenticated user, so the MFA check is never triggered again. Kits of this type work as an adversary-in-the-middle relay: the victim's real credentials and MFA response are forwarded to the genuine site in real time, and the resulting session token is captured on the way back, which is why a correct one-time code does not protect the account.
Coinbase said the combination of convincing lures and session‑token theft has made phishing a dependable entry point for account takeovers, business email compromise, invoice fraud, and subsequent social engineering schemes.
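The following is an added example, not code from Coinbase, Microsoft or the Tycoon 2FA kit, and the IPs, user agents and timestamps in it are constructed. It shows why a stolen post-MFA session token passes an ordinary cookie check, one server-side hardening (binding the session to the client context it was issued to and forcing re-authentication on a mismatch), and a log-based detection that flags the same token appearing from two source IPs within a short window. `SessionStore` and `detect_session_reuse` are hypothetical names chosen for this example.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    ip: str            # client context captured when MFA succeeded
    user_agent: str
    issued_at: float


class SessionStore:
    """In-memory session store constructed for this example."""

    def __init__(self):
        self._sessions = {}

    def issue_after_mfa(self, user, ip, user_agent, now):
        """Called only after the MFA step succeeded; returns the bearer token."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, ip, user_agent, now)
        return token

    def validate_token_only(self, token, now, max_age=8 * 3600):
        """Typical check: a known, unexpired cookie is treated as proof of auth.
        A harvested token replayed from anywhere passes here; MFA is not re-asked."""
        s = self._sessions.get(token)
        if s is None or now - s.issued_at > max_age:
            return None
        return s.user

    def validate_bound(self, token, ip, user_agent, now, max_age=8 * 3600):
        """Hardened check: the token must arrive from the context it was issued to.
        On a mismatch the session is revoked so the user must log in (and MFA) again."""
        s = self._sessions.get(token)
        if s is None or now - s.issued_at > max_age:
            return ("reject", "unknown-or-expired")
        if s.ip != ip or s.user_agent != user_agent:
            del self._sessions[token]
            return ("reauth", "context-mismatch")
        return ("ok", s.user)


def detect_session_reuse(events, window_seconds=600):
    """Detection over sign-in logs: the same session token presented from two
    different source IPs within window_seconds. events: (timestamp, token, ip)."""
    by_token = {}
    for ts, token, ip in sorted(events):
        by_token.setdefault(token, []).append((ts, ip))
    alerts = []
    for token, seen in by_token.items():
        for (prev_ts, prev_ip), (ts, ip) in zip(seen, seen[1:]):
            if ip != prev_ip and ts - prev_ts <= window_seconds:
                alerts.append((token, prev_ip, ip, ts))
    return alerts


def demo():
    """Victim completes MFA; attacker replays the captured token five minutes later."""
    store = SessionStore()
    t0 = 1_700_000_000.0
    # Constructed victim context.
    token = store.issue_after_mfa("alice", "203.0.113.10", "Mozilla/5.0 (victim)", t0)
    # Constructed attacker context: different host, different client.
    replay = store.validate_token_only(token, t0 + 300)
    bound = store.validate_bound(token, "198.51.100.7", "curl/8.0", t0 + 300)
    # Constructed sign-in log entries for the same token.
    events = [(t0, token, "203.0.113.10"), (t0 + 300, token, "198.51.100.7")]
    return replay, bound, detect_session_reuse(events)


if __name__ == "__main__":
    replay, bound, alerts = demo()
    print("token-only check accepted attacker as:", replay)
    print("bound check result:", bound)
    print("reuse alerts:", alerts)
```

Context binding raises the attacker's cost but is not a complete fix: a relay-style kit that proxies the victim's login can also replay the cookie from the same relay host, so the IP and user agent the site recorded at issuance may already be the attacker's. Phishing-resistant MFA that binds the credential to the real site's origin (FIDO2/WebAuthn) and short-lived, continuously re-evaluated sessions close that gap; the detection rule above is still useful because kits frequently hand captured sessions to a separate operator.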
One of the largest phishing platforms globally
Tycoon 2FA has operated since at least 2023, said Steven Masada, assistant general counsel at Microsoft’s Digital Crimes Unit. By mid‑2025, the platform accounted for 62% of phishing attempts Microsoft blocked, including more than 30 million emails in a single month.
Masada said the service lowered the technical barrier to entry, enabling individuals with limited expertise to conduct sophisticated impersonation campaigns. Victims spanned sectors including healthcare and education, leading to rerouted invoices, theft of sensitive data, locked networks, and disruptions to patient care.
He added that taking this infrastructure offline disrupts a major pipeline for account takeovers and helps protect individuals and organizations from follow‑on attacks such as data theft, ransomware, business email compromise, and financial fraud.
Disclaimer
The content on TrustsCrypto.com is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency markets are highly volatile, always do your own research before making decisions.
Some content may be assisted by AI and reviewed by our editorial team, but accuracy is not guaranteed. TrustsCrypto.com is not responsible for any losses resulting from the use of information provided.
