- This video doorbell camera has just as many features are my Ring - and no subscription required
- LG is giving away free 27-inch gaming monitors, but this is the last day to grab one
- I tested this Eufy security camera and can't go back to grainy night vision
- I replaced my iPhone with a premium dumbphone - here's my verdict after a month
- Build your toolkit with the 10 DIY gadgets every dad should have
FBI Flags Philippines Tech Company Behind Crypto Scam Infrastructure
The FBI has issued a warning about the illicit activities of a Philippines-based company, which provides technology infrastructure behind the majority of cryptocurrency investment fraud (CIF) scams in US.
Funnull Technology Inc. (Funnull) provides hosting services and other internet infrastructure to a range of groups performing such scams. It does so by acquiring IP addresses and other facilities from legitimate providers in the US and selling them to cybercriminals.
According to US Treasury figures, schemes directly facilitated by Funnull have resulted in over $200m in US victim-reported losses, with average losses of over $150,000 per victim.
These figures likely underestimate the total losses, as many victims of scams do not report the crime.
The FBI has tracked Funnull’s malicious activities between October 2023 and April 2025.
During CIF scams, perpetrators pose as potential romantic partners or friends to gain victims’ trust, before convincing them to invest in cryptocurrency. This type of scam is also known as romance baiting or pig butchering.
The victims are directed to websites or applications that purport to be legitimate investment platforms, but instead the money is funnelled directly to the scammers.
The new FBI report aims to raise awareness of this activity and provide information for internet service providers to take action to mitigate Funnull’s activities.
Identifying Funnull Infrastructure
The FBI revealed it has identified 548 unique Funnull Canonical Names (CNAME) linked to over 332,000 unique domains since January 2025.
Between October 2023 and April 2025, the Bureau observed multiple patterns of IP address activity from several domains using Funnull infrastructure.
During this time frame, hundreds of domains using Funnull infrastructure simultaneously migrated from one IP address to another either on the same day or within the same timeframe.
Funnull generates domain names for websites on its purchased IP addresses using domain generation algorithms (DGAs). These programs generate large numbers of similar but unique names for websites, making it easier for criminals to impersonate legitimate brands as well as allow them to quickly change to different domains when providers attempt to take the websites down.
In 2024, Funnull purchased a repository of code used by web developers and maliciously altered the code to redirect visitors of legitimate websites to scam websites and online gambling sites. Some of these sites are linked to Chinese criminal money laundering operations.
The FBI has provided a full list of domain names identified which utilize Funnull infrastructure.
The agency has urged domain name system (DNS) providers, Internet service providers, web browser manufacturers and safe browsing aggregators to take note of the Funnull infrastructure and increase the risk metric for domains hosted on this infrastructure.
They are also advised to return a risk warning to the end user when visiting these websites, if they have a mechanism to do so.
End users have also been told to check these domains before making an investment. The FBI noted that these scam sites can be difficult to detect as they often imitate legitimate websites.
Additionally, potential investors should ensure that investment companies are members of self-regulatory organizations such as the National Futures Association (NFA) or Financial Industry Regulatory Authority (FINRA).
US Treasury Takes Action Against Funnull
Alongside the FBI alert, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced it had sanctioned Funnull on May 29.
OFAC also named Liu Lizhi, a Chinese national, as an administrator of Funnull.
The sanctions mean that any property and interests owned in the US by Funnull must be blocked and reported to OFAC. They also prohibit all transactions by US citizens that involve Funnull assets.
Deputy Secretary of the Treasury Michael Faulkender, commented: “Today’s action underscores our focus on disrupting the criminal enterprises, like Funnull, that enable these cyber scams and deprive Americans of their hard-earned savings.”
