Registration
 
All news
Top Stories
Editors' Picks
Crypto News
Financial News
Currencies
Market Voices
Companies
Regulators News
Sergey Shendetskyi
Sergey Shendetskyi

Coinbase and Microsoft help dismantle Tycoon 2FA phishing network

Coinbase and Microsoft help dismantle Tycoon 2FA phishing network
Coinbase disrupts cybercrime

​Europol, together with several technology companies, carried out an international operation targeting the phishing platform Tycoon 2FA, which distributed tools for hacking online accounts. The investigation involved Microsoft, Coinbase and a number of cybersecurity firms.

As a result of the operation, the platform’s core infrastructure was disrupted, Cointelegraph reported. Partners and law enforcement agencies blocked hundreds of domains and seized part of the servers used to run the service.

International operation against Tycoon 2FA

According to Europol, Tycoon 2FA operated as a “phishing-as-a-service” platform. The service sold subscriptions to tools designed to steal user credentials, allowing even individuals with limited technical skills to launch phishing campaigns.

Microsoft helped block 330 domains linked to Tycoon’s infrastructure, including phishing pages and administrative panels. At the same time, law enforcement agencies in Latvia, Lithuania, Portugal, Poland, Spain and the United Kingdom seized servers and other elements of the network.

The investigation was coordinated by Europol’s European Cybercrime Centre (EC3). Cloudflare, Trend Micro, Proofpoint and other companies also participated in the operation.

The platform had been active since at least August 2023. According to Microsoft, by mid-2025 Tycoon was linked to roughly 62% of all phishing attacks the company blocked in its systems. In a single month alone, the service was used to send more than 30 million malicious emails.

Tycoon’s tools created convincing copies of popular websites and intercepted session tokens and cookies. This allowed attackers to bypass multi-factor authentication and gain access to corporate email accounts, cloud services and other online systems.

Coinbase helped trace cryptocurrency payments

Crypto exchange Coinbase also played a role in the investigation. The company helped analyze blockchain transactions used to finance the platform.

“Platforms that offer phishing services operate like illegal software businesses: subscriptions, resellers, support and recurring revenue. Some of these payments are made through cryptocurrency, and blockchain transactions create investigative leads that can help link operators, buyers and the associated infrastructure,” company representatives said.

Analysis of those payments helped investigators identify the platform’s alleged administrator. According to the investigation, he may be Pakistani national Saad Fredi.

Coinbase also stressed the importance of cutting off the financial channels behind such services:

“When criminals can no longer receive payments and keep their infrastructure running, their ‘business model’ collapses.”

Why the takedown matters

Phishing attacks remain one of the biggest threats to crypto platforms and online services. According to CertiK, phishing led to losses of about $722 million across 248 incidents in 2025.

Such platforms lower the barrier to entry for cybercriminals. They sell ready-to-use attack tools, technical support and updates, effectively turning cybercrime into a service-based industry.

At the same time, joint operations by the private sector and law enforcement are beginning to show results. According to cybersecurity firm SlowMist, the amount stolen through phishing attacks in 2025 fell 83% to $83.85 million.

The Tycoon 2FA case highlights the growing role of cooperation between technology companies, crypto exchanges and law enforcement agencies in tackling cybercrime. Blockchain analysis and cross-border intelligence sharing are becoming key tools in such investigations.

Read also: Armstrong says Wall Street still underestimates Coinbase amid crypto disruption

This material may contain third-party opinions, none of the data and information on this webpage constitutes investment advice according to our Disclaimer. While we adhere to strict Editorial Integrity, this post may contain references to products from our partners.

Editor's Picks for You

From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
  • By Mikhail Vnuchkov
  • 16 hours ago
From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
Editors' Picks
The world's first trillionaire: How Musk built his fortune on electric cars, space and AI
  • By Eugene Komchuk
  • Yesterday
The world's first trillionaire: How Musk built his fortune on electric cars, space and AI
Editors' Picks
How precious-metals mining revival is reshaping portfolios in 2026
  • By Ciaran Ryan
  • 11.06.2026
How precious-metals mining revival is reshaping portfolios in 2026
Editors' Picks
All Editors' Top Picks

Latest Microsoft News

Microsoft stock slides 1.88% as Xbox gaming layoffs and restructuring weigh on sentiment
  • By Ezequiel Gomes
  • Yesterday
Microsoft stock slides 1.88% as Xbox gaming layoffs and restructuring weigh on sentiment
Financial News
#Forecast #Microsoft
Microsoft slides again as capex continues to weigh on shares
  • By Anton Kharitonov
  • Yesterday
Microsoft slides again as capex continues to weigh on shares
Financial News
#Forecast #Microsoft
Xbox restructuring pressures Microsoft stock lower
  • By Ciaran Ryan
  • Yesterday
Xbox restructuring pressures Microsoft stock lower
Financial News
#Forecast #Microsoft
All Microsoft News
  • Mikhail Vnuchkov
  • 16 hours ago
From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
  • Eugene Komchuk
  • Yesterday
The world's first trillionaire: How Musk built his fortune on electric cars, space and AI
  • Ciaran Ryan
  • 11.06.2026
How precious-metals mining revival is reshaping portfolios in 2026
  • Mikhail Vnuchkov
  • 11.06.2026
Bitcoin price prediction after CPI rise: Is BTC headed for deeper losses?
  • Eugene Komchuk
  • 10.06.2026
Five years with Bitcoin: How El Salvador changed after legalizing BTC
  • Artem Shendetskii
  • 37 min ago
New book covers behavioral and corporate finance, Behavioral Finance notes
  • Andreas Kristo
  • 52 min ago
Obama Presidential Center under review for $470 million gap, Tom Fitton notes
  • Andrey Mastykin
  • 1 hour ago
Social Security relies on current workers to fund retirees, Justin Wolfers notes
  • Anastasiia Chabaniuk
  • 1 hour ago
Weekly chart analysis available last week, Callum Thomas notes
  • Yaroslav Dmytrenko
  • 3 hours ago
David Bird: Identifying bullish sentiment at Australia gold conference in January
Weekly Top Bonuses
up to $2,500
deposit bonus for all clients
CLAIM BONUS
Your capital is at risk.
Top News
  • Mikhail Vnuchkov
  • 16 hours ago
From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
  • Eugene Komchuk
  • Yesterday
Sam Bankman-Fried fails to challenge FTX conviction
Sam Bankman-Fried fails to challenge FTX conviction
  • Olga Shendetskaya
  • Yesterday
BlackRock loses ETF lead as Vanguard fund inflows accelerate
BlackRock loses ETF lead as Vanguard fund inflows accelerate
  • Igor Krasulya
  • Yesterday
AI executives to discuss technology risks at G7 summit
AI executives to discuss technology risks at G7 summit
  • Eugene Komchuk
  • Yesterday
Traders Union research: 31% of market participants invest for financial independence
Traders Union research: 31% of market participants invest for financial independence
Live News
  • Anton Kharitonov
  • Now
Microsoft slides again as capex continues to weigh on shares
  • Anton Kharitonov
  • Now
Apple recovers as improving risk appetite boosts demand for equities
  • Mykhailo Ihnatenko
  • Now
Moderna eyes breakout as investors focus on its next growth drivers
  • Anton Kharitonov
  • Now
Bitcoin recovers as risk appetite improves despite weak institutional demand
  • Anton Kharitonov
  • Now
WTI continues to decline amid progress in U.S.-Iran talks
Who We Are
Business Solutions
For Users
TU News
Popular Sections
Disclosures
CONTACT US
Legal
We are in Social Media
© IAFT Ltd., 2010-2026 All rights to the website are owned by IAFT Ltd.,
Registration number - HE 336186
  • Risk disclosure:

    Information on the TradersUnion.com website is for informational purposes only and does not constitute any motive or suggestion to visitors to invest money. Moreover, we hereby warn you that trading on the Forex and CFD markets is always a high risk. According to the statistics, 75-89% of customers lose the funds invested and only 11-25% of traders earn a profit. Trading in futures and options carries substantial risk of loss and is not suitable for every investor.

    That is why you should only invest money that you are prepared — or can afford — to lose at such high risks. Tradersunion.com does not provide any financial services, including investment or financial advisory services. Also, the Traders Union is not a broker and does not get money for trading in the Forex or CFD markets. Our website only provides information on brokers and the markets and helps its users to select the best brokerage company based on detailed information and objective analysis of brokers.

  • Disclaimer:

    Traders Union (TradersUnion.com) shall not be liable for the consequences of trading decisions made by the Client and for the possible loss of his capital resulting from the use of this website and information published on it.

    Forex market, CFD and cryptocurrency trading involves high risks and is not suitable for everyone. Before investing money, you need to adequately assess the level of your expertise and be aware of the risks, particularly in the context of trading with leverage. The information on this website is not intended for distribution or use by any person in any country or jurisdiction, where such distribution or use would be in violation of the local law or regulation. Any payments by Traders Union (TradersUnion.com) to the users of our website shall be legally interpreted solely as an incentive on our part for the activity on the website in the form of a deduction of a part of the advertising income; they shall not be a subject of any claims of our users or our obligations, a subject of disputes, as well as cannot be considered in relation to the services provided to users by brokers, both in fact and in their completeness and volume. The administration of the website shall not be liable for the content of user comments and reviews about the companies and shall not verify whether the authors of the reviews are indeed real clients of a specific company. All reviews, both negative and positive are published on the website without verification of their reliability; only offensive reviews that call for violence or any kind of discrimination and also reviews published from one group of IP addresses are moderated and removed. The authors of the materials shall be fully liable for the accuracy, completeness and impartiality of any information in the articles and reviews, including in the context of their use or mention of any brand names or trademarks. All mentions of the names of companies and their brands in any materials on the website shall be made in the context of communication of socially important information to the people about their activities by independent journalists, who are the authors. All evaluations and indicators on the website express the subjective opinion of the authors of the reviews (articles) and shall not be viewed as accurate statements and be a subject of disputes and claims against Traders Union.

  • Disclosure of advertisers and revenues:

    All the services on the Tradersunion.com website are free for you to use. Our team spends thousands of hours per annum researching brokers and gathering information about them to help investors all over the world to choose reliable companies and to avoid fraudsters.

    Indeed, the curating, sourcing, and organization of this process requires substantial financial investment by Tradersunion.com, which the website earns in the form of advertising payments. There are two types of advertising services on the website — direct advertising or partner (broker) participation programs. However, no services purchased by our partners shall affect the recommendations on our website, or our opinions, or ratings. Our ratings are based on our objective rating criteria and methodology; and the results are always equally and fairly applied to each broker. The work of our content authors and research groups does not involve any interaction with our advertisers and they do not have access to data concerning the amount of advertising purchased. For over 10 years we consider our independence, absolute openness, and objectivity as our main priority. Please follow the links to each of our affiliated broker’s websites. This will help Tradersunion.com to continue to provide our services to you for free.

onepercentfortheplanet.org World Association of News Publishers https://gdpr.eu/ GDPR