🐷 What Are “Pig Butchering” Scams?
“Pig butchering” scams are long-con frauds where criminals build fake online relationships—often romantic—to trick victims into investing in bogus crypto platforms. Victims are “fattened up” with fake profits before being scammed out of their savings.
According to the U.S. Treasury, more than $200 million in American funds were stolen using infrastructure linked to Funnull Technology Inc., a Philippines-based cloud provider.
🌐 Why Funnull Was Sanctioned
Funnull allegedly provided technical infrastructure that enabled scam operators to thrive by:
-
Leasing IP addresses from AWS and Azure, then distributing them to phishing and scam websites.
-
Hosting crypto scam websites with quick domain-switching to evade detection.
-
Supporting wallets and payment gateways used in laundering stolen funds.
The Treasury also sanctioned Liu Lizhi, a Chinese national operating behind Funnull.
💡 Why Pig Butchering Uses U.S.-Based Cloud Services
Cybercriminals favor hosting through U.S. cloud providers to:
-
Avoid geo-blocking and improve speed to Western victims.
-
Lend legitimacy to scam IPs and domains.
-
Delay takedown requests by hiding behind shared infrastructure.
⚖️ Global Response: U.S. and EU Crack Down
The U.S. Treasury and EU authorities are taking coordinated action:
-
Sanctioning cloud providers like Funnull.
-
Freezing crypto wallets connected to scam operations.
-
Increasing scrutiny on infrastructure leasing practices.
👉 Read the Reuters coverage
🛡️ Cybersecurity Takeaways
| Stakeholder | Recommended Action |
|---|---|
| Cloud Providers | Tighten vetting, block abuse vectors, monitor suspicious use |
| Security Teams | Block sanctioned IPs, use threat intel feeds |
| Blockchain Analysts | Track scam-linked wallets using Chainalysis tools |
| Policy Makers | Mandate accountability for infrastructure misuse |
🧠 Expert Insight
-
Elliptic: Tracked crypto wallet activity tied to Funnull.
-
Chainalysis: Identified pig butchering scam clusters and wallet flows.
-
Silent Push: Helped uncover domain rotation and abuse infrastructure.
✅ Final Thoughts
Funnull’s sanction is a bold step in dismantling global cyberfraud networks. It highlights a growing trend: “Infrastructure laundering” via cloud platforms. To combat this, defenders must collaborate across security, cloud, and crypto sectors—and remain ever vigilant.