US Treasury Sanctions Cyber Group That Scammed Americans Out of $200 Million

The scams involve convincing potential victims to invest virtual currency on fake websites designed to look like other, legitimate investment platforms.
US Treasury Sanctions Cyber Group That Scammed Americans Out of $200 Million
The U.S. Department of the Treasury in Washington on May 21, 2025. Madalina Vasiliu/The Epoch Times
|Updated:
0:00
The Department of the Treasury on May 29 sanctioned Funnull Technology Inc., a Philippines-based company that facilitated the majority of the virtual currency investment scams that have been reported to the FBI.

“Today’s action underscores our focus on disrupting the criminal enterprises, like Funnull, that enable these cyber scams and deprive Americans of their hard-earned savings,” Deputy Secretary of the Treasury Michael Faulkender said in a statement.

Funnull administrator Liu Lizhi, a Chinese national, was also sanctioned.

The virtual currency investment scams, known as “pig butchering,” involve convincing potential victims to invest virtual currency on fake websites designed to look like other, legitimate investment platforms. Perpetrators often pose as friends or romantic partners to persuade victims to invest cryptocurrency on the fake platforms.

Funnull allegedly purchases IP addresses in bulk from legitimate providers, generates domains for use on these IP addresses, and then, according to the Treasury, resells them to cybercriminals who use them to host scam websites and platforms. The service allows scammers to purchase several unique but similar sites to impersonate other brands and quickly change domains and IP addresses.

Victims of scams that link back to Funnull have reported more than $200 million in losses, with the average victim scammed out of $150,000. According to the Treasury, losses due to these scams reached record levels in 2024.

In 2024, Funnull also allegedly engaged in an attack that redirected visitors of more than 100,000 legitimate sites instead to scam platforms, gambling sites, and sites linked to Chinese criminal money laundering operations.

The FBI issued an advisory on May 29 with a list of 548 Funnull domain name systems linked to more than 332,000 domains.
In January, cybersecurity company Silent Push published a report accusing Funnull of this behavior, describing it as “infrastructure laundering.”

The report described how Funnull would continuously rent IP addresses from providers like Amazon Web Services and Microsoft Azure faster than the providers could ban Funnull, occasionally via illicit means. Amazon Web Services issued a public statement in response to the report, confirming it had also been investigating Funnull and suspending its accounts.

According to the Treasury and Silent Push, the cybercriminals linked to Funnull are largely based in Southeast Asia.

The Treasury’s Financial Crimes Enforcement Network says these scam rings often use labor trafficking to conduct outreach around the world. It issued an advisory in 2023 about the rise of these scams.

In some cases, victims are persuaded to invest via foreign currency exchange schemes rather than with cryptocurrency.

Law enforcement estimates that Americans have lost billions to these and other cryptocurrency schemes.

Google LogoMark Us Preferred on Google
Catherine Yang
Catherine Yang
Author
Catherine Yang has been with The Epoch Times in New York since 2008. She also launched and previously served as chief editor of American Essence magazine and Epoch Health.