US Sanctions FUNNULL for Enabling $200M Crypto Scam Network

The U.S. government recently imposed sanctions on FUNNULL, a company accused of facilitating large-scale cybercriminal activities tied to “pig butchering” cryptocurrency scams. These scams have resulted in staggering financial losses, estimated at $200 million, primarily affecting American victims.

Pig butchering scams are a form of fraud where criminals build fake romantic relationships online to convince victims to invest in fraudulent crypto projects. The average loss per victim is around $150,000, though actual losses are likely higher due to underreporting.

FUNNULL, based in the Philippines and operated by Chinese national Liu Lizhi, provided critical infrastructure to these scammers. This included generating domain names, hosting IP addresses, and supplying web design templates that helped cybercriminals impersonate legitimate brands and rapidly switch domains to avoid takedowns.

The Treasury’s announcement also linked FUNNULL to the Polyfill supply chain attack, where malicious code was inserted into a widely used web development repository. This attack redirected visitors from legitimate sites to scam and gambling websites, some connected to Chinese money laundering operations.

Cybersecurity researchers from Silent Push had previously identified FUNNULL’s role in this supply chain attack, confirming the company’s involvement in distributing malware and facilitating illicit online gambling networks.

Experts emphasize that while the sanctions against FUNNULL mark a significant step, this case represents only a fraction of the broader financial scam ecosystem targeting Americans. Greater accountability and transparency are essential to dismantle these global criminal networks.

Understanding Pig Butchering Scams

These scams exploit emotional manipulation, where fraudsters cultivate trust through fake romantic interactions before persuading victims to invest in fraudulent cryptocurrency ventures. The complexity and emotional angle make these scams particularly damaging and difficult to detect early.

How FUNNULL Enabled Cybercriminals

FUNNULL’s services included:

• Generating domain names linked to scam websites
• Providing web design templates that mimic trusted brands
• Enabling rapid domain and IP address changes to evade takedown efforts

This infrastructure made it easier for scammers to maintain a persistent online presence despite law enforcement interventions.

The Polyfill Supply Chain Attack

FUNNULL was also implicated in the Polyfill supply chain attack, where malicious actors altered a popular web development code repository. This alteration redirected users visiting legitimate websites to fraudulent gambling and scam sites, amplifying the reach of cybercriminal operations.

This attack highlights the dangers of supply chain vulnerabilities in software development, where a single compromised component can affect millions of users worldwide.

The crackdown on FUNNULL is a crucial step toward disrupting these sophisticated scams, but experts warn that much more work is needed to address the broader ecosystem of financial fraud targeting Americans.