U.S. Sanctions Target Philippines-Based Company for Cryptocurrency Scams
The U.S. Department of the Treasury has imposed sanctions on a company named Funnull Technology Inc., based in the Philippines. The sanctions specifically target the firm and its administrator, Liu Lizhi, for facilitating romance baiting scams that have resulted in significant financial losses for individuals engaged in cryptocurrency investment.
Crippling Financial Impact on Victims
The Treasury’s allegations indicate that Funnull has played a crucial role in enabling thousands of websites dedicated to cryptocurrency investment scams. These fraudulent operations have allegedly cost American victims billions of dollars annually. According to the Treasury, the reported losses linked to Funnull have exceeded $200 million, with the average individual victim losing over $150,000. These numbers underscore the serious financial consequences of such scams, affecting many lives.
Connecting the Dots: Funnull and Cybercrime Infrastructure
Funnull, which also operates under names like Fang Neng CDN, garnered the attention of cybersecurity analysts in June 2024 after its connection to a supply chain attack involving the Polyfill.io JavaScript library became apparent. Silent Push, a cybersecurity research firm, unveiled that Funnull’s infrastructure is linked to various illicit activities, including investment scams, fraudulent trading applications, and dubious gambling networks—collectively referred to as “Triad Nexus.”
Earlier this year, further investigations revealed that Funnull was engaged in a practice known as infrastructure laundering. This involves renting IP addresses from reputable hosting providers like Amazon Web Services and Microsoft Azure, only to use them to support criminal enterprises.
Facilitating Fraud Through Backdoor Access
The Treasury’s announcement detailed how Funnull has been acquiring IP addresses in large quantities from major cloud service providers around the globe. These addresses are subsequently sold to cybercriminals, setting up platforms for scams and other nefarious online content. Additionally, Funnull employs domain generation algorithms (DGAs) to create numerous, similar domain names for these fraudulent websites, enabling the rapid deployment of new scam sites that can easily replace those that get shut down by law enforcement.
The ease with which cybercriminals can mimic trusted brands using Funnull’s services raises significant cybersecurity concerns. The company’s model allows scam operators not only to shift domains quickly but also to evade detection when legitimate service providers attempt to shut them down.
A Deep Dive into Suspicious Activities
In one notable accusation, the Treasury indicated that Funnull purchased the Polyfill.io service with the intent to redirect traffic from legitimate websites to fraudulent sites, including online gambling platforms that have been linked to Chinese criminal money laundering operations.
Evidence suggests that Liu, the administrator of Funnull, was in possession of sensitive spreadsheets and documents detailing operations, employee performance, and task assignments. These records included information related to the assignment of domain names for various scams, encompassing virtual currency investment fraud, phishing schemes, and online gambling sites.
FBI Findings on Funnull’s Operations
The FBI has provided additional insights, reporting that they identified 548 unique Canonical Names (CNAMEs) directly tied to Funnull, which in turn connect to over 332,000 distinct domain names since January 2025. They noted a concerning pattern of activity from multiple domains using Funnull infrastructure; from October 2023 to April 2025, many domains rapidly shifted their IP addresses, often migrating on the same day or within a short timeframe.
This proactive action by the Treasury and the FBI highlights the ongoing effort to combat the rising tide of cybercrime linked to cryptocurrency, as various agencies ramp up their enforcement measures against entities that facilitate such crimes.
