Coinbase and partners dismantle Tycoon 2FA phishing platform

A coalition of tech companies and law enforcement, including Coinbase, has dismantled the core infrastructure of Tycoon 2FA, a phishing-as-a-service platform that offered tools to bypass multi-factor authentication. Europol announced Wednesday that Microsoft helped block 330 domains linked to the platform, while law enforcement seized additional key infrastructure.

Coinbase said it assisted by tracing blockchain-related transactions that funded Tycoon 2FA, which helped identify the platform’s alleged administrator and buyers. “Taking Tycoon’s core infrastructure offline cuts off a major pipeline for credential theft and initial access, and forces criminals to rebuild, retool, and take on more risk,” Coinbase added.

Tycoon’s toolkit included spoofed landing pages designed to steal credentials and the capability to capture session cookies and tokens, allowing attackers to bypass MFA protections, Coinbase said.

tycoon 2fa, coinbase, europol, microsoft, phishing-as-a-service, mfa bypass, session cookies, spoofed pages, blockchain tracing, credential theft