The US Treasury Department on Thursday announced sanctions against a Philippines-based company for providing infrastructure to hundreds of thousands of websites involved in cryptocurrency investment fraud (CIF) scams.
The sanctions were announced against Funnull Technology Inc., and its administrator, Liu Lizhi, for facilitating CIF schemes that let to more than $200 million in losses to US victims, the department said.
Also referred to as ‘pig butchering’, these types of scams rely on fictitious identities and elaborate storylines to gain the intended victims’ trust, convince them to invest in virtual assets on fake platforms, and steal their money.
Funnull is accused of purchasing IP addresses in bulk from major cloud providers and then sells them to cybercriminals to host their scam sites and other malicious content.
The company uses domain generation algorithms (DGAs) to generate names for the websites hosted on these IP addresses, and provides cybercriminals with web design templates.
“These services not only make it easier for cybercriminals to impersonate trusted brands when creating scam websites, but also allow them to quickly change to different domain names and IP addresses when legitimate providers attempt to take the websites down,” the Treasury Department said.
A fresh FBI alert (PDF) links 548 unique Funnull Canonical Names (CNAME) to more than 332,000 unique domains, noting that “multiple patterns of IP address activity were observed from several domains using Funnull infrastructure.”
Between October 2023 and April 2025, the FBI says, “hundreds of domains using Funnull infrastructure simultaneously migrated from one IP address to another either on the same exact day or within the same timeframe.”
Liu Lizhi, a Chinese national, was involved in managing Funnull employee’s performance and tasks, which included assigning domain names, including for websites used in CIF and phishing scams.
“The sanctions against Funnull and Liu Lizhi are an interesting move for OFAC. It points to how deeply IaaS abuse has scaled and evolved to support cyber fraud. This is intentional, active facilitation of large-scale financial crimes using this technology,” Exabeam’s Gabrielle Hempel commented.
“This is also going to spur changes (hopefully) in the next phase of hosting—the fact that they purchased cloud IP blocks in bulk highlights a critical vulnerability in the cloud ecosystem: the lack of Know-Your-Customer (KYC) enforcement at scale among cloud service providers,” Hempel continued.
Related: US Sanctions Myanmar Militia Involved in Cyber Scams
Related: US Lifts Sanctions Against Crypto Mixer Tornado Cash
Related: Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack
Related: Countries Shore Up Digital Defenses as Global Tensions Rise
