For nearly two years, a shadow service covertly provided cybercriminals with all the necessary tools to deceive people online. Now it is gone. Microsoft, Coinbase, Europol, and 10 other partners tore down Tycoon 2FA—a phishing-as-a-service platform that flooded inboxes with tens of millions of fake emails each month and cracked through multi-factor authentication, a security wall most people trusted completely.
Europol confirmed on Wednesday that Microsoft has pulled 330 active domains offline under a court order from the U.S. District Court for the Southern District of New York. The trail led investigators to Saad Fridi in Pakistan, identified as the man who built and ran the whole operation.
How Tycoon Worked
Tycoon provided criminals with a ready-to-use fraud kit. Fake websites, built to look identical to real ones, tricked users into handing over their login details. The platform then stole session cookies, the small pieces of data a browser saves after a user logs in successfully with multi-factor authentication, which let attackers bypass the security check. Once a thief had that cookie, the authentication barrier simply ceased to exist.
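A defender's view of the cookie theft described above, as an added example that is not part of the original article: a heuristic that flags a session used from a different network or browser than the one that completed multi-factor authentication. The event fields, session IDs, addresses and the /24 comparison are assumptions, and the sample events are constructed.

```python
from ipaddress import ip_network

# Constructed sample sign-in events (not real telemetry); field names are assumptions.
EVENTS = [
    {"ts": "2025-06-01T09:00:05Z", "user": "alice@example.com", "session": "s-1001",
     "event": "mfa_success", "ip": "198.51.100.20", "ua": "Edge/125 Windows"},
    {"ts": "2025-06-01T09:04:10Z", "user": "alice@example.com", "session": "s-1001",
     "event": "mail_read", "ip": "198.51.100.77", "ua": "Edge/125 Windows"},
    {"ts": "2025-06-01T09:06:42Z", "user": "alice@example.com", "session": "s-1001",
     "event": "inbox_rule_create", "ip": "203.0.113.9", "ua": "python-requests/2.31"},
    {"ts": "2025-06-01T10:00:00Z", "user": "bob@example.com", "session": "s-2002",
     "event": "mfa_success", "ip": "192.0.2.14", "ua": "Chrome/126 macOS"},
    {"ts": "2025-06-01T10:30:00Z", "user": "bob@example.com", "session": "s-2002",
     "event": "mail_read", "ip": "192.0.2.14", "ua": "Chrome/126 macOS"},
    {"ts": "2025-06-01T11:00:00Z", "user": "carol@example.com", "session": "s-3003",
     "event": "mail_read", "ip": "203.0.113.50", "ua": "Chrome/126 Linux"},
]


def same_network(ip_a, ip_b, prefix=24):
    """True when both IPv4 addresses fall in the same /prefix network."""
    return (ip_network(f"{ip_a}/{prefix}", strict=False)
            == ip_network(f"{ip_b}/{prefix}", strict=False))


def find_replayed_sessions(events):
    """Flag session use that differs from, or lacks, the client that passed MFA."""
    bound = {}      # session id -> the event where MFA succeeded
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO-8601 UTC sorts lexically
        sid = ev["session"]
        if ev["event"] == "mfa_success":
            bound.setdefault(sid, ev)
            continue
        origin = bound.get(sid)
        if origin is None:  # no MFA event on record, so the origin is unverifiable
            findings.append((sid, ev["user"], ev["ts"], "no_mfa_origin"))
            continue
        reasons = []
        if not same_network(origin["ip"], ev["ip"]):
            reasons.append("ip_changed")
        if origin["ua"] != ev["ua"]:
            reasons.append("ua_changed")
        if reasons:
            findings.append((sid, ev["user"], ev["ts"], "+".join(reasons)))
    return findings
```

A change of network or browser is one signal among several; roaming users and VPNs produce the same pattern, so findings are leads for review rather than verdicts.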
The platform launched in August 2023 and never looked back. It grew to over 24,000 domains, served up to 2,000 paying criminals, and by mid-2025 was responsible for 62% of all the phishing attempts Microsoft intercepted—over 30 million emails in a single month. The platform primarily targeted Microsoft 365, Outlook, and Gmail, causing significant losses for hospitals, schools, and businesses.
Crypto Payments Gave Investigators the Thread to Pull
Coinbase traced the blockchain transactions bankrolling Tycoon’s day-to-day operations, giving investigators the financial evidence needed to identify both the operator and the customers. The exchange says the pursuit of those customers continues.
The damage is stark. Crypto users lost $83.85 million to phishing last year, according to Scam Sniffer. This is a huge figure, but still an 83% drop from the $494 million that vanished in 2024.