Today (May 29, 2025), the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions targeting the Philippines-based cyber scam facilitator Funnull Technology Inc. and its administrator Liu Lizhi. The Federal Bureau of Investigation (FBI)’s Internet Crime Complaint Center (IC3) also issued an advisory including technical details of Funnull’s operations. These actions emphasize the US Government’s continued focus on disrupting criminal enterprises that are enabling cyber scams causing losses in the billions of dollars to Americans.
Funnull Technology Inc. provides computer infrastructure that allegedly serves hundreds of thousands of illicit websites associated with pig butchering scams, online gambling, and phishing scams. OFAC stated that Funnull has directly facilitated several of these schemes, resulting in over USD 200 million in US victim-reported losses, and that Funnull is linked to the majority of virtual currency investment scam websites reported to the Federal Bureau of Investigation (FBI).
According to OFAC, Funnull enables these scams by purchasing IP addresses in bulk from major, legitimate, cloud services companies worldwide, and selling them to cybercriminals to host scam platforms and other malicious content. US-based victims of these sites have reported an average loss of USD 150,000 per individual, a likely underestimation of the total losses.
Funnull also provides services generating domain names for websites on its purchased IP addresses. These services use domain generation algorithms and provide web design templates. This enables cybercriminals to easily impersonate trusted brands, and quickly change domains when legitimate providers attempt to have the websites taken down.
Today’s designation included two cryptocurrency addresses, which have received over USD 4 million in transactions. The addresses show indirect exposure to investment scams, identified pig butchering groups, and addresses connected to forced scam / pig butchering compounds, as well as direct exposure to Huione Pay. Earlier this month, the US Financial Crimes Enforcement Network (FinCEN) issued a finding and notice of proposed rulemaking (NPRM) for Huione, identifying it as a primary money laundering concern.
According to today’s designation, in 2024 Funnull purchased a repository of code and maliciously altered the code to redirect visitors to scam websites and online gambling sites, some of which were linked to Chinese criminal money laundering operations. Research from Silent Push, also found that thousands of gambling websites hosted on Funnull contained the branding for the Suncity Group, an organization that the United Nations named in 2024 as responsible for laundering millions for North Korea’s cybercriminal gang Lazarus Group. These findings underscore how threat actors increasingly exploit digital infrastructure to combine cybercrime and illicit finance.
Today’s sanctions reflect the US Government’s commitment to dismantling the infrastructure that enables cyber-enabled fraud and illicit financial flows at scale. As threat actors evolve — blending deceptive online platforms, digital infrastructure misuse, and complex laundering schemes — so too must the tools used to identify and disrupt them. TRM’s blockchain intelligence capabilities enable investigators to trace transactions, surface hidden connections between actors and assets, and support efforts to dismantle illicit networks like those enabled by Funnull.
Access our coverage of TRON, Solana and 23 other blockchains
Fill out the form to speak with our team about investigative professional services.
