Headline: Coinbase, Microsoft and Europol dismantle Tycoon 2FA phishing-as-a-service — blockchain tracing helped identify operators and customers
Coinbase, Microsoft and Europol have joined forces to take down Tycoon 2FA, a prolific phishing-as-a-service operation that let criminals bypass multi-factor authentication and harvest authenticated sessions.
In a joint announcement on Wednesday, Coinbase said its blockchain tracing helped link on-chain transactions to the phishing platform, enabling law enforcement to identify the alleged administrator and several customers who bought the service. Europol described Tycoon as a subscription-based toolkit that intercepted live authentication sessions and captured session cookies — allowing attackers to access accounts without triggering MFA prompts.
Tycoon has been active since at least 2023. By mid-2025, Europol said the platform was responsible for nearly 62% of all phishing attacks blocked by Microsoft. Operating at scale, Tycoon reportedly generated tens of millions of phishing emails each month and facilitated unauthorized access to nearly 100,000 organizations worldwide, including schools, hospitals and public institutions.
Coinbase emphasized it is continuing to hunt down Tycoon purchasers and will keep supporting law enforcement efforts against people who bought or used the service to target victims. The takedown highlights how blockchain analytics can be used to trace financial flows tied to cybercrime and assist cross-border investigations.
The takedown comes as phishing losses fell sharply in 2025 — down about 83% year-over-year, according to earlier reporting — but attackers haven’t stopped evolving. Threat actors have moved to more sophisticated techniques in the crypto space, including exploits linked to EIP-7702 and signature-based flows like Permit and Permit2, as well as transfer-based attacks. Blockchain security firm CertiK noted phishing remained the third most costly attack vector in 2025.
The disruption of Tycoon 2FA underscores the value of coordinated industry and law enforcement action, and the increasing role of on-chain forensics in tracking and dismantling cybercrime infrastructures targeting both everyday web accounts and crypto users.
Read more AI-generated news on: undefined/news
