MokN Raises $15 Million Series A to Flip the Script on Credential Theft

Prior to this round, MokN had raised €2.6 million in seed funding in October 2025, led by Moonfire with participation from OVNI Capital, Kima Ventures, and business angels . By the time of that raise, the company had already crossed $1 million in annual recurring revenue and signed 26 clients .

Why credentials are the worst vulnerability

Credential theft remains the single easiest attack vector. MokN's central premise is that perimeter defenses, security awareness training, and even MFA are insufficient once a password is stolen. Attackers map an organization's Internet-exposed assets and test compromised credentials across every login page they can find. This testing phase happens in a blind spot: the credentials are already compromised, but no breach has yet occurred .

Traditional monitoring tools only learn about stolen credentials after they appear on the dark web or are used in a detectable attack. By then, the window for prevention has closed. MokN's technology injects a detection point directly into the attacker's reconnaissance step, turning their own testing behavior against them .

How Baits works: decoy portals that phish the phishers

MokN's first product, Baits, deploys hyper-realistic decoy authentication portals on the public Internet — fake SSL VPN login pages, webmail portals, SSO screens — that are indistinguishable from the real thing. These Baits are given enticing hostnames and configured to look like genuine corporate assets .

When attackers with stolen credentials scan the target's perimeter, they discover the decoy and attempt to authenticate. The decoy responds with a simple "login failed" message, while MokN's system validates the submitted credentials in real time against the organization's identity directory .

If the credentials are valid and compromised, a critical alert fires immediately. The security team can reset the password within minutes — before the attacker can use it against any real system . Baits are designed to filter out the enormous volume of background scanning and brute-force noise, only escalating verified credential misuse tied to actual attacker activity .

The setup is lightweight: organizations can deploy a Bait in roughly five minutes through MokN's SaaS infrastructure, requiring only a certificate upload and DNS configuration .

Active Identity Recovery: the broader strategy

MokN describes its overall approach as "Active Identity Recovery" — a proactive, deception-based identity protection strategy often referred to as "phish-back" . Rather than monitoring for breaches, the platform tricks attackers into voluntarily revealing credentials they have already stolen. The organization then rotates those compromised identities before any damage is done.

This model flips the economics of credential attacks. Attackers invest time and resources stealing a set of credentials, only to have them silently recovered and invalidated before they can be weaponized, sold, or used for lateral movement .

What's next: Lantern and a full-spectrum platform

MokN's website teases a second product called Lantern, described as an external attack surface management tool . Where Baits focuses on intercepting stolen credentials through deception, Lantern appears designed to help organizations see their perimeter the way an attacker does — identifying exposed assets, misconfigurations, and potential entry points before they can be exploited.

The company's stated goal is to let customers "combine credential deception with external attack surface management for full-spectrum protection" , positioning the platform as an integrated identity security suite rather than a single-product deception tool.

With $15 million in fresh capital, GV's backing, and a clear path into the U.S. market, MokN is betting that the best way to stop credential theft isn't to build higher walls — but to bait the thief into handing the keys back.