- A coordinated effort led by Europol has taken down Tycoon 2FA.
- Coinbase and other private entities joined Europol and Microsoft to fight phishing.
- Tycoon 2FA was one of the world’s largest phishing operations.
Coinbase, the leading cryptocurrency exchange in the US, has joined other private and public entities to halt the activities of Tycoon 2FA, a phishing-as-a-service platform used to bypass multiple-factor authentication (MFA) and enable large-scale account compromise.
Coinbase Zero-Tolerance for Criminals
In its latest post on X, Coinbase assured users that it will continue working with Microsoft, a major partner in the exercise, and law enforcement, to help identify and pursue accountability for criminals operating using Tycoon 2FA.
The crypto exchange reiterated its zero-tolerance policy for criminals and its willingness to dedicate expert resources to pursuing and bringing them to justice. In the meantime, Coinbase Chief Legal Officer Paul Grewal emphasized the firm’s elite team of investigators and former prosecutors, advising criminals to stay away from the platform.
A Europol-Led Coordination
According to reports, a coordinated international operation supported by Europol disrupted Tycoon 2FA’s activities, taking down its infrastructure. Among the platforms disrupted are 330 domains that form the criminal service’s core structure, including phishing pages and control panels.
It is worth noting that Microsoft led the Tycoon 2FA disruption exercise, with the support of a coalition of private partners, while law enforcement in Latvia, Lithuania, Portugal, Poland, Spain, and the United Kingdom, coordinated by Europol, carried out the seizure of infrastructure and other operational measures.
Related Articles: 7 Phishing Gang Members Arrested in Korea for Stealing 800M Won from Virtual Wallets
How Europol Dismantled Tycoon 2FA
Tycoon 2FA had been active since August 2023 and was one of the largest phishing operations worldwide. The platform provided cybercriminals with a subscription-based toolkit designed to intercept live authentication sessions, enabling them to gain unauthorized access to online accounts, including those with additional security layers.
Dismantling the phishing platform involved an intelligence-based operation initiated by Trend Micro. Notably, Europol used its EC3 Advisory Groups and operational networks to disseminate acquired information, enabling the development of a coordinated operational strategy.
Meanwhile, Microsoft and Trend Micro worked alongside law enforcement authorities through Europol’s Cyber Intelligence Extension Program (CIEP), providing technical expertise and infrastructure analysis.
Related Articles: Wallet Poisoning and Phishing Scams Drain Millions in Crypto
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
