I just realized some important security news. It turns out that law enforcement agencies, Coinbase, and Microsoft have just taken down one of the most dangerous scam services — Tycoon 2FA.

This Tycoon is no small fry. It’s a phishing-as-a-service platform specialized in bypassing multi-factor authentication. Europol reports that Microsoft has blocked 330 related domains, and other authorities have seized additional critical infrastructure. Importantly, Coinbase helped trace blockchain transactions funding Tycoon, which led to identifying the operators and purchasers of this service.

Tycoon’s operation is quite sophisticated. It creates fake websites, steals session tokens to bypass MFA, and then hijacks accounts to commit financial fraud. According to Microsoft, by mid-2025, Tycoon accounted for up to 62% of blocked phishing incidents, with over 30 million emails caught in just one month. This number highlights the scale of the problem.

Everything has a price. A CertiK report indicates that phishing caused $722 million in damages in 2025. Even though Tycoon has been dismantled, phishing remains a major threat to anyone investing in cryptocurrencies. The lesson here is that you can never trust any email or link blindly, even if they look legitimate. Always double-check, use a hardware wallet if possible, and never share seed phrases or private keys with anyone.