sign up log in
Want to go ad-free? Find out how, here.

Google sues Chinese developers for alleged large-scale 'pig butchering' scams

Technology / news
Google sues Chinese developers for alleged large-scale 'pig butchering' scams

Over the weekend, Internet giant Google took legal action against two Chinese software developers that used the company's products and services for a large-scale fraud over the past four years.

The pair, Yungfeng Sun and Hongnam Cheung who also used the aliases Alphonse Sun, and Zhang Hongnim/Stanford Fischer respectively, are alleged to have used at least 87 fraudulent crypto currency apps distributed on Google's Play App Store, to target over 100,000 users.

Although Google "neither adopts nor endorses the use of this term", the developers are alleged to have engaged in a scam called "pig butchering". The name comes from scammers referring to victims as pigs that are to be fattened up before slaughter.

This is an online investment fraud that uses crypto currencies and other products, promising high returns for victims, who are hit with fees and payments demands when they ask to withdraw their staked money, which is not returned to them.

Victims worldwide suffered losses "from thousands, up to $75,000".

Sun is said to be a Shenzhen resident, and Cheung a Hong Konger, with both being accused of developing the fraudulent Google Play apps.

The apps in question had names like TionRT, Starlight, SkypeWallet, and OTCAI, and were marketed on social media platforms such as Instagram, Facebook, and TikTok. Google's YouTube video sharing site was also used, with actors hired to play officials of scam companies such as Skype Coin, with the same person using different names in different clips.

Affiliate marketing campaigns, which turned out to be bogus by themselves, were also used to push the scams and lure more users.

Since the scammers used multiple Google products such as Workspace, developer accounts, Gmail and YouTube, it was possible to link and track their activities.

Although Defendants attempted to obfuscate their connection to the apps by using a variety of different developer accounts and other infrastructure to register subsets of the apps, non-content business records maintained by Google and other publicly available information link the apps together, including by, among other things, overlapping links between registration email addresses and IP addresses used to host websites associated with the apps and their privacy policies

Google is seeking yet to be specified damages from Sun and Cheung, along with legal costs.

Pig butchering scams appear to be extremely lucrative for large networks of fraudsters, a recent study by researchers John Griffin and Kevin Mei at the University of Texas in Austin suggests.

Griffin and Mel traced cryptocurrency flows and found that the criminals moved at least US$75.3 billion in suspicious deposits, through Tether and exchanges such as Binance, Huobi, and OKX. 

The criminals running the pig butchering networks use slave labour for sending the scam messages, with thousands of victims being lured to countries such as Cambodia and Myanmar with bogus offers of high paying jobs. They are then trapped and forced to take part in the scams, sometimes under duress with violence and torture.

We welcome your comments below. If you are not already registered, please register to comment.

Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.


Over the weekend, Internet giant Google took legal action against two Chinese software developers that used the company's products and services for a large-scale fraud over the past four years.

Of course Google could have acted much sooner. It doesn't take that much work to identify and restrict fraudulent crypto wallets. 


Wallets no but apps yes. Certainly google could have acted on the apps but they often did not, even as more people reported them. Because much of google support is automated or just at very base level with no ability to raise higher priority issues.

Also you are assuming a single dedicated wallet. Money laundering through crypto can involve hundreds of unique wallets in a chain splitting amounts and making the source and true endpoints more obscure, with any of the many endpoints leading to mules or yet more, trivial to set up by bots, wallet accounts. Washing money through multiple false fake wallet accounts that do not require a individual person to acquire means there is no way to clearly track where money has gone to which true endpoint individuals or orgs. Hence the amounts stolen are always considered a low estimate starting from the source of known funds going missing. The authors use the source point accounts and try to trace a chain following one line of multiple transactions to any endpoint then recording all transactions going into an endpoint (assuming all are fraudulent) and tracing all the transactions from nodes transacting with those nodes (assuming they are all fraudulent) and so on to try to get an idea of network size and node jumps. They hit walls where nodes do not share endpoints and can be in holding or looping. They know of some of the criminal endpoints as well so they take those points and try to trace all transactions going in and node transactions to those nodes transacting with some of the known endpoints and so on. Eventually some of the mesh network is identified but they impose limits as they cannot identify all sources or all endpoints.  

Google however is pinging the app developers, not tracking the starting, midpoint wallets or endpoint mule wallets who collected the funds or those who hold them (in many cases these cannot be identified clearly if the money laundering services are doing the job correctly). You see app developers need to be people. Especially if they submit apps to the app stores to be downloaded. Wallets do not need to link to people and the number of them can be limitless (not true infinite of course given hardware limitations but you get that innumerable wallets can be created with no true owners).

Edit: Hmm interesting the data on the multiple nodes in the transaction mesh networks lead the authors to believe "several criminal networks using the same group of front-end services" for their money laundering yikes well they get what they pay for. A service too cheap and lazy to not spin off a new branch for criminal organisation x and criminal organisation y or and some criminals who are not bothered enough to care to hide their transactions knowing the victims have little recourse in multiple foreign jurisdictions within a few degrees of separation (remember the joke you can relate to anyone in the world by 6 degrees of separation, well think that but with transaction layers, billions each trading and looping a small portion, just enough with transaction fees).