Tycoon 2FA was a phishing-as-a-service platform renting AitM proxies to bypass MFA on sites like Microsoft logins—dismantled by Europol this week.

Does Europol takedown stop phishing forever?

No, but it disrupts PhaaS affiliates and proxies, buying time while forcing crooks to rebuild from scratch.

How does AitM bypass my 2FA?

It proxies your entire login flow, relaying real MFA challenges to you while stealing the approvals mid-session.

🎯 Threat Intelligence

Europol and Microsoft Shred Tycoon 2FA's MFA Bypass Machine

Phishing pros thought MFA was their playground. Europol, Microsoft, and crew just torched Tycoon 2FA's entire operation, yanking a key tool from cybercriminals' hands.

theAIcatchup Apr 08, 2026 4 min read

Europol operation dismantling Tycoon 2FA phishing servers with Microsoft and TrendAI logos

⚡ Key Takeaways

Europol-led coalition seized Tycoon 2FA servers, crypto, and affiliates using shared intel from Microsoft and TrendAI. 𝕏
AitM proxies make traditional MFA vulnerable by sitting between user and authenticator—passkeys are the fix. 𝕏
This takedown echoes darknet market busts, chilling PhaaS growth and exposing crime-as-service weak spots. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#AitM phishing #Europol takedown #MFA bypass #Tycoon 2FA #adversary-in-the-middle #phishing-as-a-service

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Trend Micro Research

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Starkiller: The Proxy That Turns Real Logins into Criminal Goldmines

Storm-2755's Payroll Pirates: Hijacking Canadian Paychecks via Session Theft

AI's Dark Turn: How Hackers Made It Their Ultimate Cyber Weapon

Microsoft Device Code Phishing Ravages Hundreds Daily

Stay in the loop