Police agencies from the UK and the Netherlands have arrested six people in connection with the theft of €24 million ($27 million) worth of cryptocurrency.

According to a statement, the gang stole Bitcoin BTC from at least 4,000 victims across 12 countries. This is likely just the start, as more are beleived to have been affected; victims continue to come forward.

Following a 14-month long investigation, the group of five men and one woman were arrested at their homes in the south of England, Amsterdam, and Rotterdam, in a coordinated operation yesterday.

Beyond this, details are sparse, but it appears the group was running a website that impersonated a “well-known online cryptocurrency exchange,” Europol said in the statement. The law enforcement agency has not said which exchange, though.

It’s believed the group used “typosquatting,” a technique which uses misspelled URLs, to trick victims into thinking they’re on their desired website, when in fact they’re not.

The website impersonates the genuine site, and when the user attempts to log in, it will forward sensitive user details to the bad actors. These details can then easily be used to drain Bitcoin wallets and exchange accounts.

Another cryptocurrency scam recently used a similar tactic to run a fake token sale. Cyber-baddies impersonated Facebook’s Calibra website, with one minor change to the “i” in the URL. Rather than Calibra.com, the scammers use Calìbra.com to trick users into thinking they’re on the legitimate site.

Hard Fork has contacted Europol to learn more as the story develops.