US Sanctions Cloud Provider 'Funnull' As Top Source of 'Pig Butchering' Scams
The U.S. government has taken a significant step in cracking down on cybercrime by imposing economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as "pig butchering." This move comes hot on the heels of a damning report from KrebsOnSecurity, which exposed Funnull's role in facilitating these devastating scams.
In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers. The report revealed a shocking truth: Americans lose billions of dollars annually to these cyber scams, with revenues generated from these crimes rising to record levels in 2024.
The U.S. Department of the Treasury has issued a statement condemning Funnull's actions, stating that the company "has directly facilitated several of these schemes, resulting in over $200 million in U.S. victim-reported losses." The agency also noted that Funnull's operations are linked to the majority of virtual currency investment scam websites reported to the FBI.
The Treasury Department's decision to sanction Funnull and its 40-year-old Chinese administrator Liu Lizhi is a significant blow to cybercriminals worldwide. "Americans lose billions of dollars annually to these cyber scams, with revenues generated from these crimes rising to record levels in 2024," reads the statement. "Funnull has directly facilitated several of these schemes, resulting in over $200 million in U.S. victim-reported losses."
Pig butchering is a rampant form of fraud that lures people online into investing in fraudulent cryptocurrency trading platforms. Victims are coached to invest more and more money into what appears to be an extremely profitable trading platform, only to find their money is gone when they wish to cash out. The scammers often insist that investors pay additional "taxes" on their crypto "earnings" before they can see their invested funds again (spoiler: they never do).
A shocking number of people have lost six figures or more through these pig butchering scams, leaving a trail of devastation in its wake. The FBI has released a technical writeup of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025.
KrebsOnSecurity's January story on Funnull was based on research from the security firm Silent Push, which discovered in October 2024 that a vast number of domains hosted via Funnull were promoting gambling sites that bore the logo of the Suncity Group, a Chinese entity named in a 2024 UN report for laundering millions of dollars for the North Korean state-sponsored hacking group Lazarus.
Silent Push found Funnull was a criminal content delivery network (CDN) that carried a great deal of traffic tied to scam websites, funneling the traffic through a dizzying chain of auto-generated domain names and U.S.-based cloud providers before redirecting to malicious or phishous websites. This report serves as a stark reminder of the need for increased vigilance in protecting ourselves from these cyber threats.