Collaboration Against Cyber Threats
In a collaborative effort, Coinbase has joined forces with Microsoft and Europol to combat the cyber threat posed by a phishing-as-a-service platform known as Tycoon 2FA. Announced on Wednesday, Coinbase revealed its role in tracing digital transactions associated with the malicious service, which ultimately enabled law enforcement agencies to pinpoint the alleged leader of the operation as well as some of its users.
Operation of Tycoon 2FA
Tycoon 2FA operated under a subscription model, offering cybercriminals a toolkit that allowed them to hijack live authentication sessions to unlawfully access various online accounts, even those that employed extra security measures.
The method employed by these hackers involved capturing session cookies from users who were already logged into their accounts, thereby bypassing multi-factor authentication safeguards. Coinbase has committed to pursuing the customers of Tycoon 2FA and intends to assist law enforcement in identifying individuals who leveraged this service to conduct phishing attacks.
Impact and Statistics
Tycoon 2FA emerged on the scene as early as 2023 and had shown significant impact by mid-2025, leading to nearly 62% of phishing incidents that Microsoft managed to thwart, according to Europol. This platform was responsible for generating millions of phishing emails on a monthly basis, compromising almost 100,000 organizations worldwide – including educational institutions, healthcare facilities, and public sector entities.
Evolution of Phishing Attacks
Despite a sharp decline in losses from phishing schemes, which fell by 83% in 2025 relative to the previous year, the sophistication of these attacks has evolved. Newer tactics, such as those exploiting EIP-7702, Permit, and Permit2 signatures, along with transfer-based attacks, have surfaced. Additionally, a report from CertiK indicated that phishing attacks retained their position as the third most financially damaging form of cyber-attack in 2025.
