Coinbase, Microsoft, and EU police jointly dismantled the globally known phishing platform Tycoon 2FA, which bypasses MFA by stealing session tokens and is widely used for account takeover and financial fraud. The operation effectively blocked a large-scale cybercrime chain.
A joint operation by Coinbase, Microsoft, and EU law enforcement has successfully dismantled the core infrastructure of a major Phishing-as-a-Service platform known as Tycoon 2FA. This platform has long provided cybercriminals with tools to bypass multi-factor authentication (MFA), posing a serious threat to user account security.
Coinbase noted that the operation has cut off a critical channel for criminal groups to obtain user credentials, forcing attackers to rebuild their tools and bear higher risks. Microsoft assisted in blocking 330 malicious domains associated with Tycoon 2FA, significantly weakening its ability to spread.
The core technology of Tycoon 2FA relies on highly realistic fake login pages that can accurately mimic the interfaces of banks, e-commerce platforms, and enterprise services. More dangerously, it can also steal session cookies and authentication tokens from users' browsers. These tokens are generated by the system after a user completes MFA and are used to maintain login status. Once stolen, attackers can directly log into accounts without passwords or verification codes, seamlessly bypassing security mechanisms.
This combination of "high-fidelity imitation + session hijacking" has upgraded phishing from inefficient random attempts to a predictable, high-success-rate intrusion point. Follow-on attacks include account takeover, business email compromise, invoice tampering, data breaches, and even ransomware deployment. Affected industries include healthcare, education, finance, and government agencies, leading to disruptions in medical care, financial losses, and network paralysis.
Because the platform is simple to operate and has a very low barrier to entry, even criminals with limited technical skills can quickly deploy large-scale attacks. The operation not only strikes a top-tier global phishing infrastructure but also significantly strengthens the security defenses of the entire digital ecosystem, blocking potential major security threats for millions of users and organizations.
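The token replay described above, where a session token issued after MFA is later presented by someone other than the user, can be caught server-side by binding each session to the client context that completed MFA. The following Python is an added example, not code from Coinbase, Microsoft or the original article; the event fields, the /24 and /48 address coarsening and the sample log are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int           # seconds since epoch
    session_id: str   # opaque id of the post-MFA session token
    kind: str         # "mfa_ok" when the token is issued, "request" afterwards
    ip: str
    user_agent: str

def network(ip: str, v4_prefix: int = 24, v6_prefix: int = 48) -> str:
    """Coarsen an address so ordinary address churn does not raise alerts."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def detect_replay(events):
    """Return (ts, session_id, reason) for each request whose client context
    differs from the one that completed MFA for that session."""
    bound = {}   # session_id -> (network, user_agent) seen at MFA completion
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        ctx = (network(ev.ip), ev.user_agent)
        if ev.kind == "mfa_ok":
            bound[ev.session_id] = ctx
            continue
        origin = bound.get(ev.session_id)
        if origin is None:
            alerts.append((ev.ts, ev.session_id, "no_mfa_record"))
        elif ctx != origin:
            changed = [n for n, a, b in zip(("network", "user_agent"), origin, ctx) if a != b]
            alerts.append((ev.ts, ev.session_id, "context_change:" + "+".join(changed)))
    return alerts

# Constructed sample log (documentation address ranges, made-up session ids).
SAMPLE = [
    Event(1000, "sess-A", "mfa_ok", "198.51.100.10", "Mozilla/5.0 (Windows NT 10.0) Firefox/128.0"),
    Event(1060, "sess-A", "request", "198.51.100.77", "Mozilla/5.0 (Windows NT 10.0) Firefox/128.0"),
    Event(1090, "sess-A", "request", "203.0.113.5", "python-requests/2.32"),
    Event(2000, "sess-B", "mfa_ok", "2001:db8:1::10", "Mozilla/5.0 (Macintosh) Safari/17.4"),
    Event(2050, "sess-B", "request", "2001:db8:1:ff::2", "Mozilla/5.0 (Macintosh) Safari/17.4"),
    Event(2100, "sess-B", "request", "192.0.2.44", "Mozilla/5.0 (Macintosh) Safari/17.4"),
]

if __name__ == "__main__":
    for alert in detect_replay(SAMPLE):
        print(alert)
```

A context change is a signal to force re-authentication or revoke the session, not proof of compromise, since mobile users legitimately change networks. If the sign-in itself is relayed through a phishing page, the MFA event already carries the relay's address, so this check complements phishing-resistant MFA and sign-in risk evaluation rather than replacing them.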