On May 29, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Funnull Technology Inc., a Philippines-based technology firm, and its administrator, Liu Lizhi, for their roles in facilitating cryptocurrency investment scams, commonly known as “pig butchering.” Funnull’s scams have defrauded U.S. victims of more than $200 million since its inception.
In its designation, OFAC listed two cryptocurrency addresses associated with Funnell Technology Inc. on its Specially Designated Nationals (SDN) List. The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) also issued an advisory, which includes technical details such as infrastructure and IP addresses used by Funnull’s operations.
In this blog, we’ll look at Funnull’s role in facilitating pig butchering scams and the on-chain activity of the addresses associated with Funnull.
Funnull’s role in facilitating pig butchering scams
Funnull Technology Inc. enabled cybercriminals by purchasing IP addresses in bulk from major cloud service providers and selling them to operators of fraudulent investment platforms. This infrastructure allowed scammers to host malicious websites that mimicked legitimate investment platforms, thereby deceiving victims into investing in non-existent opportunities.
Funnull was a central player in a network dubbed by security researchers as “Triad Nexus,” which includes more than 200,000 unique hostnames, many of which are associated with investment scams, fake trading apps, and suspect gambling networks.
On-chain activity of sanctioned crypto addresses
OFAC’s designation includes two digital currency addresses associated with Funnull Technology Inc.:
- Ethereum (ETH): 0xd5ED34b52AC4ab84d8FA8A231a3218bbF01Ed510
- TRON (TRX): TNmRfnSUXZoWWzxcDDbf95eGQYXt1mJDt8
These addresses were likely used to receive payment from cybercriminals for IP addresses, and other web infrastructure used to host scam platforms and other malicious web content. As we see in the below Chainalysis Reactor graph, Funnull had direct exposure to Huione Pay, for which the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) recently issued a finding and notice of proposed rulemaking (NPRM) identifying it as a primary money laundering concern. Additionally, the addresses show indirect exposure to various types of scams and domain management infrastructure vendors.
Strategic implications for combating crypto-enabled fraud.
Today’s OFAC sanctions underscore the U.S. government’s continued commitment to disrupting the infrastructure that enables large-scale cryptocurrency investment scams. By targeting the service providers that facilitate these fraudulent schemes, OFAC aims to dismantle the networks that perpetrated such scams and as a result, protect potential victims.
We have labeled the above addresses in our product suite, and will continue monitoring this network and provide updates when possible.
This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.