Coinbase, Microsoft disrupt Tycoon 2FA phishing network linked to credential theft

ambcryptoОпубліковано о 2026-03-04Востаннє оновлено о 2026-03-04

Анотація

Coinbase, in collaboration with Microsoft, Europol, and other partners, has successfully disrupted the Tycoon 2FA phishing-as-a-service platform. This criminal toolkit enabled attackers to steal login credentials and bypass multi-factor authentication (MFA) by using cloned login pages that mimicked trusted services like Microsoft 365. The operation involved seizing key domains through legal action and dismantling the infrastructure powering the service. Coinbase's investigation traced cryptocurrency payments funding the platform, which operated on a subscription model, and attributed its administration to an individual based in Pakistan. The takedown highlights the significant threat phishing poses to the crypto sector, where social engineering remains a major cause of financial losses. This coordinated effort targeted both the operational infrastructure and the financial networks supporting such cybercrime.

Coinbase said it worked with Microsoft, Europol, and other industry partners to disrupt Tycoon 2FA, a phishing-as-a-service platform used by cybercriminals to steal login credentials and bypass multi-factor authentication [MFA].

The coordinated action targeted infrastructure powering Tycoon’s operations, including domains hosting the platform’s control panels and phishing pages.

According to Coinbase, Microsoft filed a civil action that led to a court-authorized seizure of key domains, effectively taking the service offline.

The effort combined legal action, infrastructure takedowns, and blockchain analysis to trace the financial flows that funded the phishing network.

Phishing platform designed to bypass MFA

Tycoon operated as a subscription-based phishing toolkit, enabling attackers to launch credential-harvesting campaigns using cloned login pages that mimic trusted services such as Microsoft 365 and other widely used platforms.

The platform enabled attackers to capture usernames, passwords, and authentication codes in real time. More critically, it allowed criminals to steal session cookies used to access accounts without triggering MFA prompts.

Security experts say that capability makes phishing campaigns significantly more effective. It turns credential theft into a gateway for broader attacks such as account takeovers, business email compromise, and invoice fraud.

Coinbase traced crypto payments funding the service

Coinbase’s Global Intelligence team said it traced cryptocurrency payments used to fund Tycoon’s operations. Phishing-as-a-service platforms often operate like illicit software businesses, with subscription models, resellers, and recurring revenue streams.

Blockchain analysis helped investigators identify financial connections between the platform’s operators and related infrastructure, according to the company.

The investigation also helped attribute Tycoon’s administration to Saad Fridi, who, Coinbase said, is believed to be based in Pakistan.

Phishing attacks remain a major crypto threat

The disruption comes amid persistent security challenges across the crypto sector.

A recent report showed that crypto-related hacks resulted in $112.53 million in losses across January and February 2026. Incidents were concentrated in a small number of major exploits.

Beyond protocol vulnerabilities, social engineering remains a major driver of losses. This highlights the scale of credential-theft campaigns targeting crypto users and financial platforms.

Platforms like Tycoon have contributed to that trend by industrializing phishing operations, allowing criminals to run campaigns through ready-made toolkits and subscription services.

Pressure on the phishing economy

Coinbase said dismantling services like Tycoon requires targeting both the infrastructure that powers phishing campaigns and the financial networks that support them.

The company said it will continue working with technology companies and law enforcement to prevent cryptocurrency from being used to fund cybercrime.

Final Summary

Coinbase and Microsoft helped dismantle Tycoon 2FA, a phishing-as-a-service platform used to steal credentials and bypass MFA protections.
The disruption comes as phishing attacks remain a major driver of crypto losses, with security data showing hundreds of millions stolen through social-engineering campaigns.

Пов'язані питання

QWhat is Tycoon 2FA and what was its primary function?

ATycoon 2FA was a phishing-as-a-service platform used by cybercriminals to steal login credentials and bypass multi-factor authentication (MFA) protections.

QWhich companies and organizations collaborated to disrupt the Tycoon 2FA network?

ACoinbase worked with Microsoft, Europol, and other industry partners to disrupt the Tycoon 2FA network.

QHow did the Tycoon 2FA platform manage to bypass multi-factor authentication?

AThe platform allowed attackers to capture usernames, passwords, and authentication codes in real time, and more critically, to steal session cookies which could be used to access accounts without triggering MFA prompts.

QWhat role did Coinbase's Global Intelligence team play in the investigation?

ACoinbase's Global Intelligence team traced the cryptocurrency payments used to fund Tycoon's operations, using blockchain analysis to identify financial connections and help attribute the platform's administration to an individual based in Pakistan.

QAccording to the article, how much was lost to crypto-related hacks in January and February 2026?

AAccording to a recent report cited in the article, crypto-related hacks resulted in $112.53 million in losses across January and February 2026.

Пов'язані матеріали

Hong Kong Crypto Scam Shock: Woman Loses Nearly $1 Million As AI Fraud Surges

Hong Kong Crypto Scam Shock: Woman Loses Nearly $1 Million As AI Fraud Surges A Hong Kong woman lost HK$7.7 million (approximately $982,000) after being lured into a fraudulent cryptocurrency investment platform. The scam began on Telegram, where a person posing as an investment expert promoted an AI-powered trading strategy with guaranteed returns. After making 17 transfers of USDT and Ethereum, the victim was unable to withdraw her funds. Hong Kong Police have reported a significant surge in such online investment fraud, with over 80 cases recorded in a single week, totaling losses of nearly HK$80 million. Authorities warn that scammers are increasingly using sophisticated tactics, including promises of "AI trading" and "guaranteed profits," to appear credible. This follows a similar incident last month where a retiree lost HK$6.6 million in a multi-stage scam. Police urge the public to be cautious of unsolicited investment advice and to verify platforms through the official CyberDefender service before transferring any money. They emphasize that no legitimate investment can guarantee returns. Investigations are ongoing.

bitcoinist1 год тому

a16z New Article: Prediction Markets Entering the Fast-Forward Phase

Prediction markets are evolving from niche tools focused on elections and sports into a broader financial infrastructure for pricing real-world uncertainty. Key shifts include: application expansion beyond sports into entertainment, macro, and CPI markets; the creation of direct price benchmarks for events (e.g., tariffs, Fed decisions), enabling precise hedging without correlated asset risks; and growing institutional adoption, though still early-stage. While sports drive volume, long-tail markets show faster growth. Current institutional use is primarily for data, but progression toward system integration and active trading is expected. Regulatory advancements, like margin trading, are critical for scaling. The market is transitioning toward an essential, institutional-grade tool, similar to the evolution of options markets.

marsbit3 год тому

a16z New Article: Prediction Markets Entering the Fast-Forward Phase

marsbit3 год тому

Kyrgyzstan President Meets Justin Sun, Tron Collaborates with Kyrgyzstan to Build a New Digital Economy Landscape in Central Asia

Justin Sun, founder of TRON, met with Kyrgyzstan President Sadyr Japarov in Bishkek to discuss digital financial transformation, virtual asset regulation, and TRON’s strategic expansion into Central Asia. This marks TRON's first major partnership in the region. President Japarov emphasized Kyrgyzstan’s goal to become a regional hub for virtual assets and Web3 technologies, aligning with TRON’s strengths in high-throughput, low-cost stablecoin infrastructure. Sun expressed TRON’s commitment to supporting this vision through concrete projects. Japarov also highlighted the work of the National Committee for Virtual Assets and Blockchain Development, which he chairs. The committee has advanced initiatives including exploring a national stablecoin, testing a CBDC, and developing a regulatory sandbox. The meeting underscores growing international interest in Kyrgyzstan’s digital economy strategy.

marsbit3 год тому

Kyrgyzstan President Meets Justin Sun, Tron Collaborates with Kyrgyzstan to Build a New Digital Economy Landscape in Central Asia

marsbit3 год тому

TechFlow Intelligence Bureau: KelpDAO Attack Causes Nearly $300 Million Loss, Triggers Aave Withdrawal Wave, RAVE Crashes 95% in a Single Day

China's AI firm DeepSeek is seeking external funding for the first time, with a valuation exceeding $10 billion, signaling intensifying competition and high R&D costs in the domestic large model sector. Meanwhile, OpenAI CEO Sam Altman faces scrutiny over potential conflicts of interest between his personal investments and OpenAI’s business ahead of a possible IPO. In Web3, KelpDAO suffered a $294 million attack due to forged cross-chain messages on LayerZero, leading to massive withdrawals from Aave and a resulting 18% drop in AAVE tokens. Separately, RAVE cryptocurrency collapsed by 95% in a single day amid suspected insider manipulation. Geopolitically, Iran is now demanding Bitcoin payments for transit through the Strait of Hormuz, reflecting both internal governmental discord and the growing adoption of crypto in tense regions. In semiconductors, Nvidia CEO Jensen Huang showed rare public frustration over questions regarding chip sales to China, while the industry faces renewed price hikes. Tesla continues expanding its Robotaxi service, and a Chinese humanoid robot outperformed humans in a half-marathon, marking a milestone in robotics. Despite Middle East tensions and market uncertainties, U.S. stocks continue to rise, prompting discussions about market optimism versus risk blindness. Overall, today’s developments highlight systemic vulnerabilities—in tech, finance, and geopolitics—while also showcasing innovation in crises.

marsbit4 год тому

TechFlow Intelligence Bureau: KelpDAO Attack Causes Nearly $300 Million Loss, Triggers Aave Withdrawal Wave, RAVE Crashes 95% in a Single Day

marsbit4 год тому

Trading Volume Soars 80-Fold: How Kalshi is Reshaping the Sports Prediction Market

Kalshi, a US-regulated prediction market platform, has experienced explosive growth, with monthly trading volume surging 80x to $14.4 billion by March 2026. Sports markets drive this expansion, representing 68% of total activity. Analysis shows Kalshi's prices are highly efficient, with pre-game probabilities deviating only 5.5% from actual outcomes. While its peer-to-peer exchange model offers advantages over traditional sportsbooks—including nationwide availability and no betting limits—Kalshi faces challenges with higher effective fees (2.8-4.2%) and limited in-play liquidity. The platform's $22 billion valuation reflects its positioning as an exchange rather than a bookmaker, but maintaining this premium requires improving liquidity depth and managing competition from rivals like Polymarket and potential entrants from traditional sports betting.

marsbit9 год тому

Trading Volume Soars 80-Fold: How Kalshi is Reshaping the Sports Prediction Market

marsbit9 год тому

Торгівля

Спот

Ф'ючерси