Coinbase, Microsoft disrupt Tycoon 2FA phishing network linked to credential theft

ambcrypto | Published 2026-03-04 | Updated 2026-03-04

Summary

Coinbase, in collaboration with Microsoft, Europol, and other partners, has successfully disrupted the Tycoon 2FA phishing-as-a-service platform. This criminal toolkit enabled attackers to steal login credentials and bypass multi-factor authentication (MFA) by using cloned login pages that mimicked trusted services like Microsoft 365. The operation involved seizing key domains through legal action and dismantling the infrastructure powering the service. Coinbase's investigation traced cryptocurrency payments funding the platform, which operated on a subscription model, and attributed its administration to an individual based in Pakistan. The takedown highlights the significant threat phishing poses to the crypto sector, where social engineering remains a major cause of financial losses. This coordinated effort targeted both the operational infrastructure and the financial networks supporting such cybercrime.

Coinbase said it worked with Microsoft, Europol, and other industry partners to disrupt Tycoon 2FA, a phishing-as-a-service platform used by cybercriminals to steal login credentials and bypass multi-factor authentication [MFA].

The coordinated action targeted infrastructure powering Tycoon’s operations, including domains hosting the platform’s control panels and phishing pages.

According to Coinbase, Microsoft filed a civil action that led to a court-authorized seizure of key domains, effectively taking the service offline.

The effort combined legal action, infrastructure takedowns, and blockchain analysis to trace the financial flows that funded the phishing network.

Phishing platform designed to bypass MFA

Tycoon operated as a subscription-based phishing toolkit, enabling attackers to launch credential-harvesting campaigns using cloned login pages that mimic trusted services such as Microsoft 365 and other widely used platforms.

The platform enabled attackers to capture usernames, passwords, and authentication codes in real time. More critically, it allowed criminals to steal session cookies used to access accounts without triggering MFA prompts.

Security experts say that capability makes phishing campaigns significantly more effective. It turns credential theft into a gateway for broader attacks such as account takeovers, business email compromise, and invoice fraud.
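Because a stolen session cookie is accepted without a new MFA prompt, defenders typically look for a session being used by a different client than the one that completed MFA. The following is an added example, not code from Coinbase, Microsoft, or the article: a minimal detection pass over constructed sign-in events, where the event fields, the `find_session_replay` name, and the matching rule are all assumptions made for illustration.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts user session_id ip user_agent kind")

# Constructed sample events (documentation-range IPs), not real telemetry.
SAMPLE = [
    Event(1000, "alice", "s-1", "198.51.100.10", "Edge/122 Windows", "mfa_success"),
    Event(1060, "alice", "s-1", "198.51.100.10", "Edge/122 Windows", "request"),
    Event(1090, "alice", "s-1", "203.0.113.77", "python-requests/2.31", "request"),
    Event(2000, "bob", "s-2", "192.0.2.5", "Chrome/121 macOS", "mfa_success"),
    Event(2300, "bob", "s-2", "192.0.2.5", "Chrome/121 macOS", "request"),
    # Same device, new IP (e.g. network change): a common benign pattern.
    Event(3000, "carol", "s-3", "192.0.2.40", "Safari/17 iOS", "mfa_success"),
    Event(3500, "carol", "s-3", "192.0.2.41", "Safari/17 iOS", "request"),
]


def find_session_replay(events, require_ua_change=True):
    """Flag sessions later used by a client other than the one seen completing MFA.

    Returns one (user, session_id, ts, ip) tuple per session, at the first mismatch.
    """
    origin = {}      # session_id -> (ip, user_agent) recorded at MFA completion
    flagged = set()
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "mfa_success":
            origin.setdefault(ev.session_id, (ev.ip, ev.user_agent))
            continue
        if ev.session_id not in origin or ev.session_id in flagged:
            continue  # no baseline to compare against, or already reported
        ip0, ua0 = origin[ev.session_id]
        ip_changed = ev.ip != ip0
        ua_changed = ev.user_agent != ua0
        # Strict mode needs both signals; loose mode alerts on IP change alone.
        if ip_changed and (ua_changed or not require_ua_change):
            flagged.add(ev.session_id)
            findings.append((ev.user, ev.session_id, ev.ts, ev.ip))
    return findings


if __name__ == "__main__":
    for finding in find_session_replay(SAMPLE):
        print("possible session replay:", finding)
```

Requiring both an IP and a user-agent change keeps roaming users like the constructed `carol` session out of the alert queue; setting `require_ua_change=False` trades that for broader coverage.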

Coinbase traced crypto payments funding the service

Coinbase’s Global Intelligence team said it traced cryptocurrency payments used to fund Tycoon’s operations. Phishing-as-a-service platforms often operate like illicit software businesses, with subscription models, resellers, and recurring revenue streams.

Blockchain analysis helped investigators identify financial connections between the platform’s operators and related infrastructure, according to the company.

The investigation also helped attribute Tycoon’s administration to Saad Fridi, who, Coinbase said, is believed to be based in Pakistan.

Phishing attacks remain a major crypto threat

The disruption comes amid persistent security challenges across the crypto sector.

A recent report showed that crypto-related hacks resulted in $112.53 million in losses across January and February 2026. Incidents were concentrated in a small number of major exploits.

Beyond protocol vulnerabilities, social engineering remains a major driver of losses. This highlights the scale of credential-theft campaigns targeting crypto users and financial platforms.

Platforms like Tycoon have contributed to that trend by industrializing phishing operations, allowing criminals to run campaigns through ready-made toolkits and subscription services.

Pressure on the phishing economy

Coinbase said dismantling services like Tycoon requires targeting both the infrastructure that powers phishing campaigns and the financial networks that support them.

The company said it will continue working with technology companies and law enforcement to prevent cryptocurrency from being used to fund cybercrime.


Final Summary

  • Coinbase and Microsoft helped dismantle Tycoon 2FA, a phishing-as-a-service platform used to steal credentials and bypass MFA protections.
  • The disruption comes as phishing attacks remain a major driver of crypto losses, with security data showing hundreds of millions stolen through social-engineering campaigns.

Related questions

Q: What is Tycoon 2FA and what was its primary function?

A: Tycoon 2FA was a phishing-as-a-service platform used by cybercriminals to steal login credentials and bypass multi-factor authentication (MFA) protections.

Q: Which companies and organizations collaborated to disrupt the Tycoon 2FA network?

A: Coinbase worked with Microsoft, Europol, and other industry partners to disrupt the Tycoon 2FA network.

Q: How did the Tycoon 2FA platform manage to bypass multi-factor authentication?

A: The platform allowed attackers to capture usernames, passwords, and authentication codes in real time, and more critically, to steal session cookies which could be used to access accounts without triggering MFA prompts.

Q: What role did Coinbase's Global Intelligence team play in the investigation?

A: Coinbase's Global Intelligence team traced the cryptocurrency payments used to fund Tycoon's operations, using blockchain analysis to identify financial connections and help attribute the platform's administration to an individual based in Pakistan.

Q: According to the article, how much was lost to crypto-related hacks in January and February 2026?

A: According to a recent report cited in the article, crypto-related hacks resulted in $112.53 million in losses across January and February 2026.
