The U.S. Division of Treasury’s Workplace of International Property Management (OFAC) has levied sanctions in opposition to a Philippines-based firm named Funnull Expertise Inc. and its administrator Liu Lizhi for offering infrastructure to conduct romance baiting scams that led to large cryptocurrency losses.
The Treasury accused the Taguig-headquartered firm of enabling 1000’s of internet sites concerned in digital foreign money funding scams that precipitated Individuals to lose billions of {dollars} yearly.
“Funnull has straight facilitated a number of of those schemes, leading to over $200 million in U.S. victim-reported losses,” the company mentioned in a press launch. The common loss is estimated to be over $150,000 per particular person.
Funnull, additionally referred to as Fang Neng CDN (funnull[.]io, funnull[.]com, funnull[.]app, and funnull[.]buzz), was first attracted the eye of the cybersecurity neighborhood in June 2024 after it was implicated within the provide chain assault of widely-used Polyfill[.]io JavaScript library.
Final 12 months, an evaluation by Silent Push revealed that the infrastructure related to Funnull has been used to advertise funding scams, pretend buying and selling functions, and suspect playing networks. The infrastructure has been codenamed Triad Nexus.
Then earlier this February, the cybersecurity firm attributed Funnull to a follow dubbed infrastructure laundering whereby the corporate rented IP addresses from mainstream internet hosting suppliers resembling Amazon Internet Companies (AWS) and Microsoft Azure to host legal web sites.
Highlighting this facet, the Treasury mentioned Funnull permits digital foreign money funding scams by buying IP addresses in bulk from main cloud companies corporations the world over and promoting them to cybercriminals to host rip-off platforms and different malicious internet content material.
“Funnull generates domains for web sites on its bought IP addresses utilizing area era algorithms (DGAs) – applications that generate massive numbers of comparable however distinctive names for web sites – and supplies internet design templates to cybercriminals,” the company identified.
“These companies not solely make it simpler for cybercriminals to impersonate trusted manufacturers when creating rip-off web sites but additionally permit them to shortly change to completely different domains and IP addresses when authentic suppliers try and take the web sites down.”
The Treasury additionally accused Funnull of buying Polyfill[.]io with the intent to redirect guests of authentic web sites to rip-off web sites and on-line playing websites, a few of which it mentioned are linked to Chinese language legal cash laundering operations.
Moreover, the division alleged that its administrator Liu, a Chinese language nationwide, was in possession of spreadsheets and different paperwork that contained details about the corporate’s staff, their efficiency, and their work progress.
The duties assigned to them included assigning domains to legal actors for digital foreign money funding fraud, phishing scams, and on-line playing websites.
In a standalone flash alert, the U.S. Federal Bureau of Investigation (FBI) mentioned it recognized 548 distinctive Funnull Canonical Names (CNAME) linked to over 332,000 distinctive domains since January 2025.
“Between October 2023 and April 2025, a number of patterns of IP deal with exercise had been noticed from a number of domains utilizing Funnull infrastructure,” the FBI mentioned. “Throughout this time-frame, a whole lot of domains utilizing Funnull infrastructure concurrently migrated from one IP deal with to a different both on the identical actual day or inside the similar timeframe.”
