Attackers targeted specific geographic regions to earn millions of cryptocurrency from victims. Users search with the keyword blockchain or bitcoin wallet the spoofed links that look legitimate appears at the top and servers the content in native language based on the location of victims. The attack works as follows. The Coinhoarder made heavy use of typosquatting and brand spoofing methods to make the domains more convincing, they also used international domain names appears as like English.”]

