US Sanctions Funnull Over ‘Pig Butchering’ Crypto Scams
The U.S. government has imposed sanctions on Funnull, a tech company accused of facilitating cybercriminals involved in “pig butchering” crypto scams. These scams have reportedly caused over $200 million in losses to American victims.
The Treasury’s Office of Foreign Assets Control (OFAC) announced the sanctions on Thursday, stating that Funnull is “linked to the majority of virtual currency investment scam websites reported to the FBI.” According to the Treasury, victims have lost an average of $150,000 each, though the total losses are likely underestimated due to unreported cases.
Pig butchering scams involve criminals who build relationships with victims online, often feigning romantic interest, to trick them into investing in fraudulent crypto projects. These schemes have become increasingly prevalent and financially devastating.
Funnull, based in the Philippines and run by Chinese national Liu Lizhi (who was also sanctioned), allegedly generated domain names and provided web design templates to cybercriminals, the Treasury said. This infrastructure enables scammers to impersonate trusted brands and quickly switch domains and IP addresses to evade detection.
“These services not only make it easier for cybercriminals to impersonate trusted brands when creating scam websites, but also allow them to quickly change to different domain names and IP addresses when legitimate providers attempt to take the websites down,” the Treasury stated.
The FBI has also released an alert with further details on these activities, highlighting the severity and scope of the problem.
Funnull’s activities extend to supply chain attacks. The Treasury referenced the Polyfill supply chain attack, noting that Funnull “purchased a repository of code used by web developers and maliciously altered the code to redirect visitors of legitimate websites to scam websites and online gambling sites, some of which are linked to Chinese criminal money laundering operations.”
Silent Push researchers previously linked Funnull to the Polyfill supply chain attack, where malware was injected into websites using Polyfill’s code, redirecting users to a network of malicious casino and gambling sites.
Zach Edwards, a researcher at Silent Push, stated that he was “really glad to see the facts aligned with our suspicions” regarding the Treasury’s actions against Funnull.
“It’s encouraging that the Treasury has taken actions against the largest pig butchering and money laundering network that exists targeting people in the U.S., but we know that more needs to be done,” said Edwards. “This effort from Funnull is the tip of the iceberg for what is actually going on right now out of China with financial schemes targeting Americans.”
He added, “Global threat actors that are targeting Americans with financial scams need to be held accountable, and doxing the companies they work with and the individuals who run those companies, is an important first step.”
