The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Funnull Technology Inc., a Philippines-based company, and its administrator, Liu Lizhi, for their involvement in facilitating extensive romance baiting scams that have resulted in significant cryptocurrency losses. These scams have led to over $200 million in reported losses from U.S. victims, with individual losses averaging more than $150,000.
Funnull Technology Inc., also known as Fang Neng CDN, operates under domains such as funnull.io, funnull.com, funnull.app, and funnull.buzz. The company first drew attention in June 2024 when it was implicated in a supply chain attack involving the widely-used Polyfill.io JavaScript library. This attack redirected users from legitimate websites to malicious sites, highlighting Funnull’s role in cybercriminal activities.
Further investigations by cybersecurity firm Silent Push revealed that Funnull’s infrastructure supports a range of illicit activities, including investment scams, fake trading applications, and dubious gambling networks. This network, referred to as the Triad Nexus, employs a tactic known as infrastructure laundering. In this scheme, Funnull rents IP addresses from reputable cloud service providers like Amazon Web Services (AWS) and Microsoft Azure to host fraudulent websites, thereby masking their malicious intent.
The Treasury Department detailed that Funnull acquires large quantities of IP addresses from major cloud services and resells them to cybercriminals. These criminals use the infrastructure to host scam platforms and other malicious web content. Funnull utilizes domain generation algorithms (DGAs) to create numerous similar but unique domain names, facilitating the rapid deployment and rotation of scam websites. This strategy complicates efforts by legitimate providers to dismantle these fraudulent sites.
Additionally, Funnull’s acquisition of Polyfill.io was allegedly intended to redirect visitors from legitimate websites to scam and online gambling sites. Some of these sites are reportedly linked to Chinese criminal money laundering operations, further entangling Funnull in international cybercrime activities.
The Treasury’s sanctions also target Liu Lizhi, a Chinese national identified as Funnull’s administrator. Liu is accused of overseeing the assignment of domain names to criminal actors involved in virtual currency investment fraud, phishing scams, and online gambling operations. Documents obtained by authorities reportedly contain information about the company’s employees, their performance, and their roles in these illicit activities.
In a related development, the U.S. Federal Bureau of Investigation (FBI) issued a flash alert identifying 548 unique Funnull Canonical Names (CNAME) linked to over 332,000 unique domains since January 2025. The FBI observed patterns of IP address activity indicating coordinated efforts to migrate domains using Funnull infrastructure, further underscoring the company’s role in facilitating widespread cybercriminal operations.
These sanctions reflect the U.S. government’s commitment to combating cyber-enabled financial fraud and protecting individuals from sophisticated online scams. By targeting entities like Funnull Technology Inc. and individuals such as Liu Lizhi, authorities aim to disrupt the infrastructure supporting these fraudulent schemes and hold those responsible accountable for their actions.
