Europol, in conjunction with the United Kingdom’s South West Regional Cyber Crime Unit, the Dutch police, Eurojust, and the U.K.’s National Crime Agency (NCA), has coordinated the arrests of six people suspected of stealing over $27 million in cryptocurrency, according to a press release on June 25.

The attackers reportedly were involved in typosquatting, a fraudulent means to steal credentials by setting up a scam website with a similar name to an established one—hence the “typo” in “typosquatting”—and then recording login data. 

In this case, the report notes that Europol believes the hackers were able to use typosquatting to steal login details, letting them gain access to client wallets and the funds inside. Europol reports that the hackers used this scheme to steal from at least 4,000 bitcoin (BTC) users in 12 different countries.

The six individuals were reportedly based in the U.K. and the Netherlands. As per the report, Europol provided coordination for the British and Dutch agencies, who shared information and evidence at their headquarters preceding the arrests.

As previously reported by Cointelegraph, malware watchdogs found a Cryptohopper clone website stealing crypto login credentials. The website uses the same logo as the genuine crypto trading tools website Cryptohopper to trick users into installing its executable, which downloads and runs mining and clipping trojans designed to steal cryptocurrency.