
The US Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions on the Philippines-based company Funnull Technology Inc. and its administrator, Liu Lizhi, for providing infrastructure used to carry out romance baiting scams that have led to massive cryptocurrency losses.
The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in crypto investment scams that have caused Americans to lose billions of dollars a year.
“Funnull directly promotes some of these schemes, resulting in more than $200 million in losses reported by US victims,” the agency said in a press release. The average loss is estimated to exceed $150,000 per individual.

Funnull, also known as Fang Neng CDN (funnull[.]io, funnull[.]com, funnull[.]apps, and funnull[.]buzz), attracted attention in the cybersecurity community in June 2024 after being involved in the supply chain attack on the widely used Polyfill[.]io JavaScript library.
Last year, an analysis by Silent Push revealed that Funnull-related infrastructure was being used to promote investment fraud, fake trading applications, and suspected gambling networks. The infrastructure is called Triad Nexus.
Then, earlier this February, Funnull was linked to a practice called infrastructure laundering, in which IP addresses are rented from mainstream hosting providers such as Amazon Web Services (AWS) and Microsoft Azure and used to host criminal websites.
Emphasizing this aspect, the Treasury said that Funnull enables crypto investment scams by obtaining large numbers of IP addresses from major cloud services companies around the world and selling them to cybercriminals to host fraud platforms and other malicious web content.
“Funnull generates domain names for websites on the IP addresses it purchased using domain generation algorithms (DGAs). This generates a number of similar but unique names for the websites and provides web design templates to cybercriminals,” the agency pointed out.

“These services not only make it easier for cybercriminals to impersonate trusted brands when creating scam websites, but also allow them to quickly change to different domain names and IP addresses when legitimate providers try to take down the websites.”
The Treasury also accused Funnull of purchasing Polyfill[.]io with the aim of redirecting visitors of legitimate websites to scam websites and online gambling sites.

Additionally, the department claimed that Liu, a Chinese citizen and the company's administrator, possessed spreadsheets and other documents containing information about the company's employees, their performance, and their work progress.
The tasks assigned to them included assigning domain names to criminals for crypto investment scams, phishing scams and online gambling sites.
In a standalone flash alert, the US Federal Bureau of Investigation (FBI) said it has identified 548 unique Funnull Canonical Names (CNAMEs) linked to over 332,000 unique domains since January 2025.
“We observed multiple patterns of IP address activity from several domains using the Funnull infrastructure between October 2023 and April 2025,” the FBI said. “During this time frame, hundreds of domains using the Funnull infrastructure have simultaneously migrated from one IP address to another on the same day or within the same time frame.”
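
The same-day migration pattern the FBI describes can be hunted for in passive-DNS data by grouping domains by shared CNAME target and flagging days on which several of them switch to the same new IP address. The following is an added example, not code from the FBI alert or the original article; the record layout, the `bulk_migrations` function, the threshold, and all sample names and addresses are constructed assumptions.

```python
from collections import defaultdict

def _obs(day, domains, cname, ip):
    """Expand one resolution result into per-domain passive-DNS rows."""
    return [(day, d, cname, ip) for d in domains]

# Constructed sample data: (day, domain, cname_target, resolved_ip).
# Names use the reserved .example TLD; IPs are documentation ranges.
CLUSTER = ["shop-a1.example", "shop-a2.example",
           "shop-a3.example", "shop-a4.example"]
RECORDS = (
    _obs("2025-03-01", CLUSTER, "edge1.cdn.example", "192.0.2.10")
    + _obs("2025-03-02", CLUSTER, "edge1.cdn.example", "198.51.100.20")
    # Unrelated domain that changes IP on its own: should not be flagged.
    + [("2025-03-01", "blog.example", "edge9.other.example", "203.0.113.5"),
       ("2025-03-02", "blog.example", "edge9.other.example", "203.0.113.6")]
)

def bulk_migrations(records, min_domains=3):
    """Find groups of domains behind one CNAME that moved together.

    Returns sorted tuples (cname, day, old_ip, new_ip, domains), where
    `day` is the first day a domain was seen on the new IP. Only groups
    with at least `min_domains` members are reported.
    """
    # Per (cname, domain) timeline of (day, ip) observations.
    history = defaultdict(list)
    for day, domain, cname, ip in records:
        history[(cname, domain)].append((day, ip))

    # Key each IP change by (cname, day, old_ip, new_ip) so that
    # domains making the identical move on the same day collect together.
    moves = defaultdict(set)
    for (cname, domain), obs in history.items():
        obs.sort()  # ISO dates sort chronologically as strings
        for (_, old_ip), (day, new_ip) in zip(obs, obs[1:]):
            if old_ip != new_ip:
                moves[(cname, day, old_ip, new_ip)].add(domain)

    return sorted(
        (cname, day, old_ip, new_ip, sorted(domains))
        for (cname, day, old_ip, new_ip), domains in moves.items()
        if len(domains) >= min_domains
    )

if __name__ == "__main__":
    for cname, day, old_ip, new_ip, domains in bulk_migrations(RECORDS):
        print(f"{day} {cname}: {len(domains)} domains {old_ip} -> {new_ip}")
```

A threshold that is too low flags ordinary single-site IP changes, so `min_domains` should be tuned against a baseline of legitimate CDN behaviour in your own data.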