Global Phishing Network Disrupted in International Operation

A major blow has been dealt to the global cybercrime community with the takedown of the Tycoon 2FA phishing-as-a-service platform. The operation, led by Coinbase, Microsoft, and Europol, resulted in the disruption of over 330 domains hosting phishing pages and administrative control panels used by attackers.

Tycoon 2FA was a subscription-based toolkit that allowed cybercriminals to run phishing campaigns capable of capturing login credentials and authentication data in real-time. The platform intercepted live authentication sessions and collected session cookies or tokens, enabling attackers to bypass multi-factor authentication protections and access accounts without triggering additional security checks.

The operation highlighted the growing reliance on cooperation between technology firms, crypto analytics teams, and law enforcement agencies to disrupt cybercrime networks that operate across jurisdictions. Coinbase's global intelligence team played a key role in tracing cryptocurrency payments used to fund Tycoon 2FA's subscription service, helping investigators map connections between the platform's operator and its customers.

The takedown of Tycoon 2FA is expected to have a significant impact on credential theft and account takeover attacks. However, authorities warn that similar phishing-as-a-service platforms continue to emerge, lowering the technical barriers for cybercriminals.