The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Funnull Technology Inc., a Philippines-based company, along with its administrator Liu Lizhi, for facilitating extensive romance baiting scams that resulted in substantial cryptocurrency losses.
Operating out of Taguig, Philippines, Funnull allegedly provided technical support to thousands of fraudulent websites offering fake virtual currency investments, leading to billions in annual losses for Americans.
According to the Treasury’s statement, “Funnull has directly enabled several of these fraudulent schemes, with over $200 million in confirmed losses to U.S. victims alone.” On average, victims reported losing more than $150,000 each.
Cybersecurity Background
Funnull, also known as Fang Neng CDN (using domains like funnull[.]io, funnull[.]com, funnull[.]app, and funnull[.]buzz), first came under the cybersecurity spotlight in June 2024 when it was linked to the compromise of the Polyfill[.]io JavaScript library—a widely used resource in web development.
Research from Silent Push in 2024 revealed that Funnull’s infrastructure was exploited to run various crypto investment scams, deceptive trading apps, and suspicious gambling platforms. This infrastructure has been referred to as “Triad Nexus” by cybersecurity experts.
In February 2025, cybersecurity researchers noted that Funnull engaged in “infrastructure laundering.” This technique involves leasing IP addresses from reputable cloud providers like AWS and Microsoft Azure to set up fraudulent sites.
The Treasury emphasized that Funnull obtained large batches of IP addresses from these providers and sold them to cybercriminals, enabling them to host crypto scam websites and other malicious content.
Moreover, Funnull’s use of domain generation algorithms (DGAs)—software that creates unique domain names—made it easier for scammers to quickly adapt and maintain online presence even when security teams attempted takedowns.
The Treasury also alleged that Funnull purchased the Polyfill[.]io JavaScript resource to redirect traffic from legitimate sites to their scam and gambling sites, some linked to Chinese money-laundering operations.
Key Findings & FBI Alert
Funnull’s administrator, Liu Lizhi, is said to have maintained detailed records on employee assignments, which included provisioning domains for phishing scams, investment fraud, and gambling platforms.
A recent FBI “flash alert” revealed that since January 2025, the agency had identified 548 Funnull-associated Canonical Names (CNAMEs) tied to over 332,000 domains.
Between October 2023 and April 2025, numerous domains using Funnull’s resources were seen migrating en masse to new IP addresses—often shifting within the same day or short periods.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
