Coinbase, Microsoft and Europol Dismantle Tycoon 2FA Phishing Network

Coinbase, Microsoft and Europol collaborated to shut down Tycoon 2FA, tracing blockchain-based transactions to support law enforcement in seizing domains and disrupting phishing operations targeting major email services.

Summary

Coinbase, Microsoft, and Europol successfully dismantled Tycoon 2FA, a phishing-as-a-service platform active since August 2023 that bypassed multi-factor authentication using stolen session cookies and tokens. Approximately 2,000 users were involved, and 330 of the roughly 24,000 domains were seized. The platform targeted Microsoft 365, Outlook, and Gmail accounts. Coinbase traced cryptocurrency transactions linked to Tycoon, aiding civil enforcement proceedings against developer Saad Fridi.

Terms & Concepts
  • Phishing-as-a-Service (PhaaS): An illicit model where cybercriminals sell prebuilt tools and infrastructure enabling others to conduct phishing attacks.
  • Multi-Factor Authentication (MFA): A security measure requiring more than one form of verification, such as a password and a token, to access an account.
  • Session Cookie: A temporary piece of data a website stores in the browser to keep a user authenticated after login; an attacker who steals it can reuse the authenticated session and bypass login security, including MFA.