“Today’s action underscores our focus on disrupting the criminal enterprises, like Funnull, that enable these cyber scams and deprive Americans of their hard-earned savings,” Deputy Secretary of the Treasury Michael Faulkender said in a statement.
Funnull administrator Liu Lizhi, a Chinese national, was also sanctioned.
Funnull allegedly purchases IP addresses in bulk from legitimate providers, generates domains for use on these IP addresses, and then, according to the Treasury, resells them to cybercriminals who use them to host scam websites and platforms. The service allows scammers to purchase several unique but similar sites to impersonate other brands and quickly change domains and IP addresses.
Victims of scams that link back to Funnull have reported more than $200 million in losses, with the average victim scammed out of $150,000. According to the Treasury, losses due to these scams reached record levels in 2024.
In 2024, Funnull also allegedly engaged in an attack that redirected visitors of more than 100,000 legitimate sites instead to scam platforms, gambling sites, and sites linked to Chinese criminal money laundering operations.
The report described how Funnull would continuously rent IP addresses from providers like Amazon Web Services and Microsoft Azure faster than the providers could ban Funnull, occasionally via illicit means. Amazon Web Services issued a public statement in response to the report, confirming it had also been investigating Funnull and suspending its accounts.
According to the Treasury and Silent Push, the cybercriminals linked to Funnull are largely based in Southeast Asia.
In some cases, victims are persuaded to invest via foreign currency exchange schemes rather than with cryptocurrency.
Law enforcement estimates that Americans have lost billions to these and other cryptocurrency schemes.







