US Treasury Cracks Down on Philippines Tech Firm Fueling $200M Crypto Scam Frenzy

Another day, another crypto scam—except this one had a $200 million price tag. The US Treasury just slapped sanctions on a Philippines-based tech company accused of bankrolling a massive ’pig butchering’ scheme. Because nothing says ’financial innovation’ like old-school fraud with a blockchain veneer.

Pig butchering scams—where victims are fattened up with false promises before being cleaned out—are hardly new. But this operation allegedly used shell companies, fake identities, and yes, cryptocurrency to launder the loot. The Treasury didn’t name the firm, but the message is clear: regulators are sharpening their knives.

Meanwhile, crypto true believers will shrug and say ’not our problem’—right before the next rug pull drops. Stay skeptical out there.

Sophisticated scams

According to the May 29 release, the firm operated by bulk-purchasing IP addresses from global cloud providers and leasing them to scammers, who used them to host investment scam websites that mimic legitimate trading platforms.

Funnull also offered tools like domain generation algorithms (DGAs) and pre-built website templates to make these operations appear more credible and evade takedowns.

According to Treasury officials, Funnull even embedded malicious code into legitimate websites, rerouting users to fraudulent investment pages and online gambling sites. Some of these redirection schemes have been tied to Chinese money laundering operations.

Liu Lizhi allegedly maintained detailed documentation of Funnull’s personnel, tracking their performance and task assignments, which included allocating domains to support phishing, gambling, and crypto fraud platforms.

Pig butchering scams, first spotlighted by the Treasury’s Financial Crimes Enforcement Network (FinCEN) in 2023, are largely operated by Southeast Asian crime syndicates using trafficked labor.

Scammers use fake identities and emotionally manipulative storylines to build trust with victims, eventually persuading them to invest through fraudulent crypto platforms. Once the victim refuses to contribute more, the scammers cut off contact and disappear with the funds.

These schemes have evolved in sophistication, now often involving custom-built websites that appear legitimate and display fake investment returns. Funnull’s technology, including domain-spamming software and rapid infrastructure switching, enabled scammers to scale and persist across jurisdictions despite enforcement efforts.

Dismantling infrastructure behind crypto fraud

The May 29 designation was issued under Executive Order 13694, as amended by E.O. 14144, which targets foreign cyber-enabled activities that threaten US national security and economic stability.

All of the firm’s property and interests in property within US jurisdiction are now blocked, and Americans are barred from engaging in transactions with them.

The MOVE was coordinated with the FBI, which also issued a cybersecurity advisory outlining Funnull’s technical infrastructure and urging the public to report suspected scam activity via its Internet Crime Complaint Center (IC3).

Treasury officials emphasized that these sanctions aim to penalize offenders and signal the US commitment to maintaining a secure and legitimate digital asset ecosystem.

Entities violating these sanctions face potential civil or criminal penalties. OFAC reminded financial institutions and others that transactions with designated individuals or entities may expose them to enforcement actions under strict liability standards.

While the sanctions are a significant step, OFAC noted that the goal is not merely punishment but to incentivize behavioral change and offer a pathway for removal from the Specially Designated Nationals (SDN) list if compliance is demonstrated.

The action marks a continued escalation in the US government’s crackdown on cyber-enabled financial fraud and underscores its intent to hold digital crime enablers accountable.