Authorities Shut Down Tycoon 2FA Phishing Platform Used to Bypass MFA

Europol and partners dismantle Tycoon 2FA phishing service used to bypass MFA, disrupting a global phishing-as-a-service operation targeting organisations.

A coordinated international operation has dismantled one of the most widely used phishing platforms designed to bypass multi-factor authentication. The service, known as Tycoon 2FA, powered large-scale credential theft campaigns that targeted organisations worldwide.

The operation, led by Europol, brought together investigators, cybersecurity companies, and infrastructure providers to dismantle the service’s infrastructure. As part of the disruption, authorities and industry partners seized hundreds of domains and disabled key components of the platform’s phishing infrastructure.

A phishing service built for scale

Tycoon 2FA operated as a phishing-as-a-service (PhaaS) offering cybercriminals a ready-made toolkit to run credential-harvesting campaigns with little technical expertise. Subscribers could rent access through encrypted messaging channels such as Telegram, paying around $120 for short-term access or more for full panel control.

The paid package included phishing templates ...