The Shadowy World of Sanctioned Cybercriminals: Why Big Tech’s Weak Links Are a Growing Threat
Did you know that a sanctioned individual, accused of orchestrating hundreds of millions of dollars in financial scams, continues to operate freely on some of the world’s largest tech platforms? It’s a startling reality, underscoring a critical gap in how the digital world handles international sanctions and the growing sophistication of cybercriminals.
The Case of Liu Lizhi and the “Pig Butchering” Scams
In May 2025, the U.S. government sanctioned Liu “Steve” Lizhi, a Chinese national, for his alleged role in operating Funnull Technology Inc., a company said to provide infrastructure for virtual currency investment scams, often called “pig butchering” schemes. These scams, which target individuals and often lead to devastating financial losses, are becoming increasingly prevalent. The U.S. Treasury Department accused Funnull of facilitating financial schemes that resulted in over $200 million in losses to Americans. Yet, despite the sanctions, Lizhi allegedly maintained active accounts on platforms like Facebook, PayPal, and even GitHub.
The “Pig Butchering” Scam Epidemic: A Deep Dive
The term “pig butchering” refers to a particularly insidious type of investment scam. Fraudsters often build a romantic or friendly relationship with the victim before convincing them to invest in fake opportunities. The FBI reported nearly 150,000 complaints last year involving digital assets and $9.3 billion in losses, with investment scams the top crypto-related crime reported. These scams often originate in Southeast Asia, making international cooperation and enforcement difficult.
Big Tech’s Compliance Problem: Sanctions vs. Reality
The primary issue here is that while financial institutions have robust systems to comply with Office of Foreign Assets Control (OFAC) sanctions, *tech companies* often lag. This disparity creates a significant vulnerability. These firms face a unique challenge: verifying the identity and compliance status of millions, sometimes billions, of users across the globe. Free accounts, in particular, may not receive the same level of scrutiny as premium subscriptions.
GitHub’s Approach: Balancing Access and Compliance
Even platforms like GitHub, which host essential tools for software developers, struggle to balance sanctions compliance with their commitment to the open-source community. GitHub’s policy is to lock sanctioned accounts rather than delete them, which keeps their code repositories available. As Zach Edwards of the security firm Silent Push stated: “[The accounts] an odd message that doesn’t communicate, ‘This is a sanctioned entity, don’t fork this code or use it in a production environment’”. The current approach raises concerns about the potential for misuse of code by sanctioned individuals and about the transparency of the risk involved. Code repositories hosted by sanctioned individuals that remain accessible could present a significant threat in the long run.
The Future of Sanctions Enforcement in the Digital Age
The Lizhi case is a harbinger of future problems. The trend of increasingly sophisticated cybercrime, combined with lax enforcement by tech platforms, requires urgent action. As Funnull demonstrates, cybercriminals are becoming increasingly skilled at adapting to sanctions, using techniques like domain generation algorithms (DGAs) to evade detection and shifting infrastructure quickly. They also use supply-chain attacks, through which criminals like Lizhi have found ways to redirect visitors to malicious sites. To combat this effectively, enhanced collaboration between governments, tech companies, and security researchers is crucial.
Actionable Insights and Next Steps
What can be done to address these vulnerabilities? First, tech companies must invest in more robust screening processes and automated tools to identify sanctioned individuals. Second, governments need to provide clearer guidelines and incentives for tech companies to comply with sanctions. Third, security researchers and the public need to remain vigilant and continuously monitor these platforms. Fourth, consumers need to be educated to spot scams. Ensuring that the digital world does not become a haven for criminals requires this kind of multi-faceted approach.
This case underscores the critical need for tech companies to proactively address the challenges of sanctions enforcement in the digital age. The time for complacency is over; the cost of inaction is simply too high.