Introduction
The FBI and the Department of the Treasury’s Office of Foreign Assets Control (OFAC) have taken decisive action against Funnull Technology Inc, a company based in the Philippines, for its involvement in a global cryptocurrency investment fraud network known as “pig butchering.” This operation has led to significant financial losses for American victims and involves sophisticated cybercriminal activities.
Description
The FBI and OFAC have issued a warning and imposed economic sanctions against Funnull Technology Inc, a Philippines-based company implicated in a global network of cryptocurrency investment fraud [5], commonly referred to as “pig butchering.” Funnull has been identified as a content delivery network that supports cybercriminals by routing their traffic through US-based cloud providers [8]. The US Department of the Treasury reported that Funnull has directly facilitated schemes resulting in over $200 million in reported losses among American victims [8], with average individual losses exceeding $150,000 [2] [6] [7].
During these investment fraud schemes, perpetrators often pose as romantic partners or trusted friends to build trust with victims [6] [7], ultimately persuading them to invest in fraudulent cryptocurrency trading platforms. Victims are directed to websites or applications that closely imitate legitimate investment platforms [7], where they are misled into paying additional “taxes” on their supposed earnings [8], which they never recover [8]. The FBI has cautioned that the presence of secure HTTPS connections or green padlock icons does not guarantee a website’s legitimacy [5].
Liu Lizhi [1] [2] [3] [4] [6], the administrator of Funnull and a Chinese national, has been identified as a key figure in managing operations that support these scams, including assigning domain names to cybercriminals and modifying web code to redirect users to malicious sites [2]. He has been added to the Specially Designated Nationals and Blocked Persons (SDN) list [3], which freezes any US assets he may have and prohibits US individuals from engaging in financial transactions with him [3].
Funnull has been linked to the purchase of IP addresses in bulk from major cloud service providers, which it sells to cybercriminals for hosting fraudulent investment platforms [1]. The FBI has linked 548 CNAME records associated with Funnull to more than 332,000 unique domains since January 2025, discovering that Funnull employs domain generation algorithms to create domain names for these fraudulent sites and provides web design templates to cybercriminals [6]. Between October 2023 and April 2025 [5] [6] [8], the FBI monitored Funnull’s activities and observed significant coordination, with numerous domains shifting across IP addresses simultaneously [5]. Funnull’s infrastructure has allowed scammers to impersonate trusted brands and rapidly change domain names and IP addresses to evade detection [1]. The FBI has noted that Funnull’s operations are associated with the majority of reported virtual currency investment scams and has released a technical write-up detailing the infrastructure used to manage the malicious domains linked to Funnull during the monitoring period [8].
Additionally, Funnull has been implicated in the Polyfill supply chain attack, where it maliciously altered code to redirect visitors from legitimate websites to scam and online gambling sites [4], some of which are associated with Chinese money laundering operations [1]. The sanctions against Funnull and Liu are based on their material assistance to cyber-enabled activities that threaten US national security and economic stability [2]. Consequently, all property and interests of the designated individuals in the US are blocked [2], and US persons are prohibited from engaging in transactions involving them [2]. Two wallet addresses linked to Funnull have also been sanctioned [3], as they are believed to be used for receiving payments from cybercriminals [3]. Violations of these sanctions may lead to civil or criminal penalties [2]. The FBI’s report aims to raise awareness of these activities and provide guidance for internet service providers to help mitigate Funnull’s operations [7]. Individuals encountering suspicious websites or believing they have been targeted by scams are encouraged to report the incidents to local FBI offices or the Internet Crime Complaint Center [5].
Conclusion
The actions taken against Funnull Technology Inc and its administrator, Liu Lizhi [1] [2] [3] [4] [6], underscore the serious threat posed by cyber-enabled investment fraud schemes to US national security and economic stability. The sanctions and warnings serve as a deterrent to similar operations and highlight the importance of vigilance among internet users and service providers. Continued monitoring and reporting of suspicious activities are crucial in mitigating the impact of such fraudulent schemes and protecting potential victims from financial harm.
References
[1] https://www.philstar.com/business/2025/05/30/2447004/us-sanctions-philippine-based-firm-accused-aiding-crypto-scams
[2] https://home.treasury.gov/news/press-releases/sb0149
[3] https://www.ainvest.com/news/sanctions-philippines-firm-funnull-200-million-crypto-scam-2505/
[4] https://techcrunch.com/2025/05/29/us-government-sanctions-tech-company-involved-in-cyber-scams/
[5] https://www.cleveland.com/nation/2025/05/a-foreign-tech-firm-is-behind-massive-pig-butchering-scam-what-us-authorities-say.html
[6] https://cyberscoop.com/funnull-cryptocurrency-scam-sanctions/
[7] https://www.infosecurity-magazine.com/news/fbi-philippines-crypto-scam/
[8] https://cybersecurity.fullcoll.edu/2025/05/30/u-s-sanctions-cloud-provider-funnull-as-top-source-of-pig-butchering-scams/
