U.S. authorities have sanctioned Funnull Technology Inc., a Philippines-based company, and its administrator Liu Lizhi, for their role in facilitating widespread romance baiting and cryptocurrency fraud, commonly known as "pig butchering" scams. These scams have reportedly led to over $200 million in losses for U.S. victims, with individual losses often exceeding $150,000.

U.S. Sanctions Funnull Over $200 Million Crypto Fraud

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has imposed sanctions on Funnull Technology Inc. and its administrator, Liu Lizhi. The company, headquartered in Taguig, Philippines, is accused of providing critical infrastructure that enabled thousands of fraudulent websites involved in virtual currency investment scams. These operations have resulted in significant financial harm to American citizens.

The Modus Operandi of Funnull

Funnull, also identified as Fang Neng CDN, facilitated these scams through a sophisticated infrastructure laundering scheme. The company acquired bulk IP addresses from major cloud service providers like Amazon Web Services (AWS) and Microsoft Azure, then resold them to cybercriminals. These criminals used Funnull's services to host scam platforms and other malicious web content.

Key aspects of Funnull's operations included:

• Domain Generation Algorithms (DGAs): Funnull provided programs that generated numerous similar but unique domain names for scam websites.

• Web Design Templates: The company offered templates that allowed cybercriminals to easily impersonate trusted brands.

• Evasion Techniques: Funnull's services enabled criminals to quickly switch domain names and IP addresses, making it difficult for legitimate providers to shut down fraudulent sites.

Connection to Polyfill.io Scandal

Funnull first drew cybersecurity community attention in June 2024 following its implication in a supply chain attack involving the widely used Polyfill.io JavaScript library. The Treasury Department alleges that Funnull purchased Polyfill.io with the intent to redirect visitors from legitimate websites to scam and online gambling sites, some of which are linked to Chinese criminal money laundering operations.

Administrator's Involvement and FBI Findings

Liu Lizhi, a Chinese national and Funnull's administrator, was found to possess documents detailing employee performance and tasks. These tasks included assigning domain names for various illicit activities, such as virtual currency investment fraud, phishing scams, and online gambling. The FBI's flash alert revealed that since January 2025, they identified 548 unique Funnull Canonical Names (CNAMEs) linked to over 332,000 unique domains. Between October 2023 and April 2025, hundreds of domains using Funnull's infrastructure simultaneously migrated IP addresses, indicating a coordinated effort to evade detection.

Key Takeaways

• U.S. sanctions target Funnull Technology Inc. and Liu Lizhi for enabling romance baiting crypto fraud.

• Over $200 million in U.S. victim-reported losses, with average individual losses exceeding $150,000.

• Funnull provided infrastructure, including IP addresses from major cloud providers, domain generation algorithms, and web design templates, to cybercriminals.

• The company was implicated in the Polyfill.io supply chain attack, redirecting users to scam and gambling sites.

• FBI identified over 332,000 unique domains linked to Funnull's infrastructure since January 2025.

This action by the U.S. Treasury and FBI underscores a concerted effort to disrupt the financial infrastructure supporting these pervasive cyber scams.

Sources

• U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud, The Hacker News.

• FBI, Treasury move against top pig butchering scam host • The Register, The Register.