Coinbase, Microsoft, and Europol Dismantle Tycoon 2FA Crypto Phishing Network

Coinbase, Microsoft, and Europol recently collaborated to dismantle a large-scale cryptocurrency phishing network known as Tycoon 2FA. This network sent out tens of millions of fraudulent emails monthly, impersonating official notifications from well-known platforms to trick users into entering their two-factor authentication codes, thereby stealing their crypto assets. It was revealed that nearly 100,000 businesses, schools, hospitals, and government organizations worldwide were targeted, with approximately 62% of phishing attacks intercepted by Microsoft's security systems linked to this network. Investigators analyzed email servers, domain registration information, and fund flows to gradually identify the operational team, leading to an end-to-end takedown with the cooperation of multiple countries. This operation not only cut off the main attack channels but also revealed how attackers exploit vulnerabilities in enterprise-level two-factor authentication mechanisms for targeted fraud. Security experts warn that even with 2FA enabled, users should remain vigilant against fake login pages and social engineering traps, recommending the use of more secure authentication methods such as hardware keys.