Coinbase, Microsoft, and Europol Smash Tycoon 2FA Phishing Ring—A Major Win for Crypto Security

Published:
2026-03-04 20:02:48

A coordinated takedown by tech titans and international law enforcement just delivered a knockout blow to a sophisticated phishing operation targeting crypto users worldwide.

The Tycoon 2FA site wasn't your average scam. It was a cleverly disguised trap designed to bypass the very security measures—like two-factor authentication—that users rely on to protect their digital assets. By mimicking legitimate authentication processes, the site siphoned credentials from unsuspecting victims, putting millions in cryptocurrency at risk.

Why This Crackdown Matters

This isn't just about shutting down a single website. It's a signal. The collaboration between a leading exchange like Coinbase, a tech behemoth like Microsoft, and Europol's cybercrime unit shows a maturing defense posture for the entire digital asset ecosystem. It proves that when key players align, they can effectively hunt threats that target the foundational trust in crypto markets.

The operation highlights a persistent truth in finance: where there's money—digital or otherwise—phishers will cast their nets. Yet, this successful strike demonstrates that the nets are getting tougher to weave and easier to tear apart.

A stronger, safer infrastructure isn't just good for user peace of mind; it's the bedrock for the next wave of institutional adoption. After all, even the most bullish investor gets cold feet when the front door's lock keeps getting picked—though some Wall Street veterans might call that just another Tuesday.

Microsoft, Coinbase, and others take down Tycoon 2FA

The site had up to 2,000 users and operated more than 24,000 domains since its launch in August 2023. 

Microsoft said it seized 330 active domains powering the site and its control panels, under a court order from the U.S. District Court for the Southern District of New York. Together, they also identified the primary developer to be Saad Fridi, based in Pakistan. 

Coinbase said it helped trace the crypto payments that funded Tycoon’s operation and supported the civil action to seize the domains. The exchange said efforts are still ongoing with law enforcement to pursue the people who bought and used the Tycoon phishing service.

“This was not a single phishing campaign. It was an industrialized service built to make MFA bypass accessible to thousands of criminals,” said Robert McArdle, Director for Cybercrime Research at TrendAI™, one of the partners.

Crypto losses to phishing attacks hit $83 million

Earlier in January, Chainalysis reported that crypto scams are becoming increasingly industrialized with the rise of phishing-as-a-service and other tools. 

Some of the phishing kits are bought for under $500, but at scale, they can lead to millions of dollars in losses.

“This modular, service-based approach is a force multiplier and allows even technically unsophisticated criminals to execute sophisticated phishing campaigns, substantially lowering the barrier to entry for cryptocurrency fraud,” Chainalysis wrote.

Up to 106,106 victims lost their cryptocurrency to phishing attacks last year, though the figure was a lot lower than the year before. According to Scam Sniffer, crypto users lost $83.85 million, marking an 83% decline compared to the $494 million recorded in 2024.

Quarterly phishing losses. Source: Scam Sniffer

Scam Sniffer found that phishing losses correlate with market activities. More losses were recorded in Q3, totaling $31 million, when ETH saw its strongest rally for the year, Cryptopolitan reported.
