Coinbase, in collaboration with Europol and Microsoft, has successfully dismantled the Tycoon 2FA phishing network. This sophisticated operation, active since 2023, offered a phishing-as-a-service platform used by criminals to bypass account security and steal login credentials.
Investigators traced blockchain transactions linked to Tycoon 2FA, enabling law enforcement to identify the suspected administrator and users of the platform. The service allowed attackers to send millions of fake emails, intercepting session cookies to gain unauthorized account access without triggering security alerts.
Authorities report that Tycoon 2FA generated tens of millions of phishing emails monthly, impacting nearly 100,000 organizations globally, including critical sectors like schools, hospitals, companies, and government institutions. The platform was responsible for a significant portion of phishing attacks detected by Microsoft security systems.
While phishing attacks have seen a decrease, experts warn that attackers are employing increasingly advanced methods. The shutdown of Tycoon 2FA represents a significant blow against cybercrime, though vigilance against evolving phishing tactics remains crucial.