Microsoft and Coinbase Aid in Shutting Down Tycoon Phishing Service

Europol, Coinbase, and Microsoft shut down Tycoon 2FA, a major phishing software provider.

Europol, in collaboration with Coinbase, Microsoft, and other tech companies, halted the operations of Tycoon 2FA, a service providing phishing software. 

Operating since at least August 2023, the service was among the largest distributors of data theft tools. According to law enforcement, Tycoon was responsible for approximately 62% of all phishing attacks blocked by Microsoft.

The platform’s tools for cybercriminals created convincing clones of original websites and could intercept 2FA passwords through access to cookies.

In collaboration with Europol, fintech firms “provided technical expertise and infrastructure analysis.”

In a separate press release, Coinbase detailed its role in the case. The cryptocurrency exchange tracked the payment channels that financed Tycoon. 

“Platforms providing phishing services operate like illegal software sales services: subscriptions, resellers, support, regular income. Some of these payments are made through cryptocurrency, and blockchain transactions create investigative leads that can help link operators, buyers, and the corresponding infrastructure,” company representatives noted.

Additionally, Coinbase helped identify the administrator of Tycoon, who is believed to be Saad Fridi from Pakistan. Meanwhile, Microsoft filed a civil lawsuit that led to the confiscation of Tycoon’s key domains.

Exchange representatives noted that they will continue efforts to hold clients of the illegal platform accountable. 

“When criminals cannot receive money and maintain their infrastructure, their ‘business model’ collapses,” Coinbase emphasized.

Back in 2025, the amount stolen through phishing attacks decreased by 83% to $83.85 million, according to SlowMist data.