The U.S. government imposed sanctions on FUNNULL, a company accused of providing infrastructure for cybercriminals running so-called “pig butchering” crypto scams that have led to $200 million in losses for American victims.
On Thursday, the Treasury’s Office of Foreign Assets Control announced the sanctions, saying FUNNULL is “linked to the majority of virtual currency investment scam websites reported to the FBI.” The press release said that the $200 million in losses results in an average loss of $150,000 per victim, but that the numbers “likely underestimate the total losses, as many victims of scams do not report the crime.”
Pig butchering scams involve criminals approaching victims online, often pretending to be interested in a romantic relationship, with the goal of tricking the victims into sending them money to invest in non-existent crypto projects.
According to the Treasury, FUNNULL is based in the Philippines and run by Chinese national Liu Lizhi, who was also sanctioned on Thursday.
FUNNULL, according to the Treasury, generated domain names for websites on IP addresses it owns, and provided “web design templates to cybercriminals.”
“These services not only make it easier for cybercriminals to impersonate trusted brands when creating scam websites, but also allow them to quickly change to different domain names and IP addresses when legitimate providers attempt to take the websites down,” the Treasury said.
The FBI released an alert including more information about these activities.
The Treasury referred to the Polyfill supply chain attack in its press release, saying FUNNULL “purchased a repository of code used by web developers and maliciously altered the code to redirect visitors of legitimate websites to scam websites and online gambling sites, some of which are linked to Chinese criminal money laundering operations.”
Those activities are exactly what researchers from cybersecurity firm Silent Push accused FUNNULL of carrying out last year. Researchers found that FUNNULL was responsible for the Polyfill supply chain attack, which was launched to push malware to whoever visited websites that used Polyfill’s code. The goal was to redirect users to a malicious network of casino and online gambling sites, the researchers found.
Contact Us
Do you have more information about FUNNULL, or other companies facilitating scams? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
Zach Edwards, a researcher at Silent Push who worked on the FUNNULL report last year, told TechCrunch that he was “really glad to see the facts aligned with our suspicions.”
“It’s encouraging that the Treasury has taken actions against the largest pig butchering and money laundering network that exists targeting people in the U.S., but we know that more needs to be done,” said Edwards. “This effort from FUNNULL is the tip of the iceberg for what is actually going on right now out of China with financial schemes targeting Americans.”
“Global threat actors that are targeting Americans with financial scams need to be held accountable, and doxing the companies they work with and the individuals who run those companies, is an important first step,” he added.