Skip to content
  • Blog Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form

U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud

Posted on May 30, 2025May 30, 2025 By CWS

Might 30, 2025Ravie LakshmananCryptocurrency / Cybercrime
The U.S. Division of Treasury’s Workplace of International Belongings Management (OFAC) has levied sanctions in opposition to a Philippines-based firm named Funnull Know-how Inc. and its administrator Liu Lizhi for offering infrastructure to conduct romance baiting scams that led to large cryptocurrency losses.
The Treasury accused the Taguig-headquartered firm of enabling hundreds of internet sites concerned in digital foreign money funding scams that brought on Individuals to lose billions of {dollars} yearly.
“Funnull has straight facilitated a number of of those schemes, leading to over $200 million in U.S. victim-reported losses,” the company stated in a press launch. The typical loss is estimated to be over $150,000 per particular person.

Funnull, additionally referred to as Fang Neng CDN (funnull[.]io, funnull[.]com, funnull[.]app, and funnull[.]buzz), was first attracted the eye of the cybersecurity neighborhood in June 2024 after it was implicated within the provide chain assault of widely-used Polyfill[.]io JavaScript library.
Final yr, an evaluation by Silent Push revealed that the infrastructure related to Funnull has been used to advertise funding scams, faux buying and selling functions, and suspect playing networks. The infrastructure has been codenamed Triad Nexus.
Then earlier this February, the cybersecurity firm attributed Funnull to a observe dubbed infrastructure laundering whereby the corporate rented IP addresses from mainstream internet hosting suppliers corresponding to Amazon Net Providers (AWS) and Microsoft Azure to host prison web sites.
Highlighting this side, the Treasury stated Funnull permits digital foreign money funding scams by buying IP addresses in bulk from main cloud companies corporations the world over and promoting them to cybercriminals to host rip-off platforms and different malicious internet content material.
“Funnull generates domains for web sites on its bought IP addresses utilizing area era algorithms (DGAs) – packages that generate giant numbers of comparable however distinctive names for web sites – and supplies internet design templates to cybercriminals,” the company identified.

“These companies not solely make it simpler for cybercriminals to impersonate trusted manufacturers when creating rip-off web sites but additionally enable them to rapidly change to completely different domains and IP addresses when reliable suppliers try to take the web sites down.”
The Treasury additionally accused Funnull of buying Polyfill[.]io with the intent to redirect guests of reliable web sites to rip-off web sites and on-line playing websites, a few of which it stated are linked to Chinese language prison cash laundering operations.

Moreover, the division alleged that its administrator Liu, a Chinese language nationwide, was in possession of spreadsheets and different paperwork that contained details about the corporate’s workers, their efficiency, and their work progress.
The duties assigned to them included assigning domains to prison actors for digital foreign money funding fraud, phishing scams, and on-line playing websites.
In a standalone flash alert, the U.S. Federal Bureau of Investigation (FBI) stated it recognized 548 distinctive Funnull Canonical Names (CNAME) linked to over 332,000 distinctive domains since January 2025.
“Between October 2023 and April 2025, a number of patterns of IP handle exercise have been noticed from a number of domains utilizing Funnull infrastructure,” the FBI stated. “Throughout this timeframe, a whole bunch of domains utilizing Funnull infrastructure concurrently migrated from one IP handle to a different both on the identical precise day or inside the identical timeframe.”

Discovered this text fascinating? Observe us on Twitter  and LinkedIn to learn extra unique content material we submit.

The Hacker News Tags:200M, Baiting, Crypto, Fraud, Funnull, Romance, Sanctions, Scams, Tied, U.S

Post navigation

Previous Post: Detecting and Remediating Misconfigurations in Cloud Environments
Next Post: New Rust-based InfoStealer via Fake CAPTCHA Delivers EDDIESTEALER

Related Posts

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin The Hacker News
Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique The Hacker News
A New Approach to a Decade-Old Challenge The Hacker News
How to Detect Phishing Attacks Faster: Tycoon2FA Example The Hacker News
China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure The Hacker News
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • How to Remove Your Data From Data Broker Sites
  • TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands
  • SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups
  • Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems
  • Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • How to Remove Your Data From Data Broker Sites
  • TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands
  • SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups
  • Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems
  • Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News