The Office of Foreign Assets Control (OFAC) also designated Liu Lizhi, a Chinese national and administrator of Funnull, for his role in overseeing operations that provided critical infrastructure for the scams, including IP address leasing, domain generation, and web hosting services used by cybercriminals.
Deputy Treasury Secretary Michael Faulkender said:
“Today’s action underscores our focus on disrupting the criminal enterprises, like Funnull, that enable these cyber scams and deprive Americans of their hard-earned savings.”
According to the May 29 release, the firm operated by bulk-purchasing IP addresses from global cloud providers and leasing them to scammers, who used them to host investment scam websites that mimic legitimate trading platforms.
Funnull also offered tools like domain generation algorithms (DGAs) and pre-built website templates to make these operations appear more credible and evade takedowns.
According to Treasury officials, Funnull even embedded malicious code into legitimate websites, rerouting users to fraudulent investment pages and online gambling sites. Some of these redirection schemes have been tied to Chinese money laundering operations.
Liu Lizhi allegedly maintained detailed documentation of Funnull’s personnel, tracking their performance and task assignments, which included allocating domains to support phishing, gambling, and crypto fraud platforms.
Pig butchering scams, first spotlighted by the Treasury’s Financial Crimes Enforcement Network (FinCEN) in 2023, are largely operated by Southeast Asian crime syndicates using trafficked labor.
These schemes have evolved in sophistication, now often involving custom-built websites that appear legitimate and display fake investment returns. Funnull’s technology, including domain-spamming software and rapid infrastructure switching, enabled scammers to scale and persist across jurisdictions despite enforcement efforts.
The May 29 designation was issued under Executive Order 13694, as amended by E.O. 14144, which targets foreign cyber-enabled activities that threaten US national security and economic stability.
All of the firm’s property and interests in property within US jurisdiction are now blocked, and Americans are barred from engaging in transactions with them.
Treasury officials emphasized that these sanctions aim to penalize offenders and signal the US commitment to maintaining a secure and legitimate digital asset ecosystem.
Entities violating these sanctions face potential civil or criminal penalties. OFAC reminded financial institutions and others that transactions with designated individuals or entities may expose them to enforcement actions under strict liability standards.
While the sanctions are a significant step, OFAC noted that the goal is not merely punishment but to incentivize behavioral change and offer a pathway for removal from the Specially Designated Nationals (SDN) list if compliance is demonstrated.
The action marks a continued escalation in the US government’s crackdown on cyber-enabled financial fraud and underscores its intent to hold digital crime enablers accountable.
