The US Department of the Treasury has imposed sanctions on the Philippines-based technology firm Funnull Technology for its involvement in supporting cyber scams that resulted in over $200m in losses for American citizens.
Funnull Technology facilitated these scams by purchasing IP addresses in bulk from cloud service providers and selling them to cybercriminals. These criminals used the IP addresses to host malicious websites, particularly for virtual currency investment scams known as “romance baiting” and “pig butchering.”
These scams typically involve criminals contacting victims via dating sites, social media, and messaging apps. They build trust with the victims before luring them into fraudulent investment schemes. Instead of investing the money, the fraudsters divert it to accounts they control.
Funnull Technology also used domain generation algorithms to create numerous unique domain names and provided web design templates that mimic trusted brands, aiding cybercriminals in avoiding detection by quickly switching IP addresses and domains.
US Treasury freezes assets of Funnull Technology and administrator Liu Lizhi
The US Treasury’s Office of Foreign Assets Control (OFAC) has also sanctioned Liu Lizhi, a Chinese national who served as Funnull’s administrator. Lizhi managed the company’s employees and oversaw their tasks.
As a result of these sanctions, US citizens and organisations are barred from conducting transactions with Funnull and Lizhi. Their US assets will be frozen, and financial institutions and foreign entities involved could face penalties.
“Today’s action underscores our focus on disrupting the criminal enterprises, like Funnull, that enable these cyber scams and deprive Americans of their hard-earned savings,” said Deputy Secretary of the Treasury Michael Faulkender. “The United States is strongly committed to ensuring the continued growth of a legitimate, safe, and secure digital asset ecosystem, including the use of virtual currencies and similar technologies.”
Additionally, the Federal Bureau of Investigation (FBI) has issued a flash alert providing technical details about the IP addresses and domains linked to Funnull’s cyber scam operations.
“Since January 2025, the FBI has identified 548 unique Funnull Canonical Names (CNAME) linked to over 332,000 unique domains. In April 2025, a sample of eight domains were analysed to depict a CNAME analysis that resolved to four CNAMEs tied to Funnull infrastructure. Between February 2023 and April 2025, the eight domains showed three different patterns of CNAME activity,” said the FBI.
“Between October 2023 and April 2025, multiple patterns of IP address activity were observed from several domains using Funnull infrastructure. During this time frame, hundreds of domains using Funnull infrastructure simultaneously migrated from one IP address to another either on the same exact day or within the same timeframe.”
Read more: FBI alerts law firms to rising threat of Silent Ransom Group’s extortion tactics
