FBI Identifies Philippine Technology Firm as Key Player in Cryptocurrency Scam Infrastructure

The FBI has issued a warning regarding the activities of a Philippines-based company identified as Funnull Technology Inc. (Funnull), which is believed to operate an infrastructure that facilitates a majority of cryptocurrency investment fraud (CIF) scams in the United States.

Funnull provides essential hosting and internet infrastructure services, leasing IP addresses and other necessary resources from legitimate American providers, which are subsequently resold to various cybercriminal entities engaged in such fraudulent activities. According to estimates from U.S. Treasury data, scams directly linked to Funnull have resulted in over $200 million in losses reported by U.S. victims, with an average individual loss exceeding $150,000. Additionally, it is likely that the actual losses are even greater, as many victims fail to report their fraudulent experiences.

The FBI has been monitoring Funnull’s operations from October 2023 through April 2025. The modus operandi of CIF scams often involves perpetrators establishing fake identities as potential romantic partners or acquaintances to build trust with victims before persuading them to invest in cryptocurrency. This tactic is frequently referred to as romance baiting or pig butchering.

Victims are redirected to entities posing as legitimate investment platforms, yet the funds are ultimately diverted directly to the scammers.

In light of these alarming findings, the FBI aims to enhance awareness about these scams and provide actionable insights for internet service providers, urging them to take measures against Funnull’s operations.

Identifying Funnull Infrastructure

The FBI has tracked 548 unique Canonical Names (CNAME) associated with Funnull, corresponding to over 332,000 unique domains identified since January 2025. During the monitoring period, distinct patterns of IP address activity were noted from multiple domains utilizing Funnull’s infrastructure. Notably, between October 2023 and April 2025, numerous domains hosted on Funnull’s infrastructure exhibited simultaneous migrations to new IP addresses within the same day or timeframe.

Funnull employs domain generation algorithms (DGAs) to create domain names for the websites operating on their purchased IP addresses. These algorithms produce vast numbers of similar yet unique website names, facilitating the impersonation of legitimate brands and enabling swift domain changes to avoid takedown efforts by service providers.

In 2024, Funnull acquired a repository of web development code, which was maliciously modified to redirect visitors from legitimate sites to scam platforms and online gambling sites, some of which are connected to Chinese money laundering operations.

The FBI has publicly released an extensive list of domain names associated with Funnull infrastructure and has recommended that domain name system (DNS) providers, internet service providers, web browser developers, and safe browsing aggregators take note of these identified domains. These entities are encouraged to increase the risk assessments associated with any domains hosted on Funnull’s infrastructure and to communicate risk warnings to users visiting these sites.

Users are advised to thoroughly investigate these domains prior to making investments, as scam sites often closely mimic legitimate websites. Furthermore, potential investors should verify that investment firms are members of respected self-regulatory organizations like the National Futures Association (NFA) or the Financial Industry Regulatory Authority (FINRA).

U.S. Treasury Takes Action Against Funnull

In conjunction with the FBI’s warning, the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury announced sanctions against Funnull as of May 29. OFAC has also identified Liu Lizhi, a Chinese national, as an administrator of Funnull.

These sanctions impose restrictions that mandate any U.S. property or assets owned by Funnull to be blocked and reported to OFAC. Furthermore, they prohibit U.S. citizens from engaging in any transactions involving Funnull’s assets.

Deputy Secretary of the Treasury Michael Faulkender emphasized, “Today’s action underscores our commitment to disrupting criminal enterprises like Funnull that facilitate these cyber scams and rob Americans of their hard-earned savings.”