Coinbase Helps Dismantle Major Phishing Platform
Summary
A coalition including Coinbase, Microsoft, and Europol successfully dismantled the core infrastructure of Tycoon 2FA, a major phishing-as-a-service platform used to bypass multi-factor authentication (MFA).
Microsoft helped block 330 domains linked to the platform, while Coinbase provided financial tracing of blockchain transactions funding Tycoon 2FA, which aided in identifying the alleged administrator and buyers. The platform offered toolkits that created spoofed landing pages to steal credentials and capture session tokens, allowing attackers to bypass MFA protections and execute larger crimes like account takeovers and invoice fraud.
Tycoon 2FA had been active since at least 2023 and became one of the largest global phishing operations, accounting for 62% of phishing attempts Microsoft blocked by mid-2025. Dismantling its infrastructure cuts off a major pipeline for credential theft and protects organizations across various sectors from subsequent attacks.
(Source: Cointelegraph)