US Cracks Down on Philippines-Based Hosting Firm Linked to $200M Crypto Fraud

Another day, another crypto scam—except this one had Uncle Sam swinging the hammer. The US just blacklisted a Philippines internet infrastructure provider accused of facilitating a $200 million digital asset heist. Talk about a hosting service with questionable due diligence.

The unnamed company allegedly provided backbone services for fraudsters running a classic ’give us your crypto and watch it disappear’ scheme. Because nothing says ’trustworthy investment’ like an offshore host with lax KYC policies.

While regulators flex their muscles, the incident highlights crypto’s eternal paradox: the same decentralized infrastructure that empowers financial freedom also enables slick operators to vanish with bags of cash. Maybe next time victims will remember—if it sounds too good to be true, it’s probably hosted in Manila.

US Treasury Links Funnull to Infrastructure Behind Widespread Crypto Fraud

According to the Treasury, Funnull provided technical infrastructure for hundreds of thousands of scam websites. Many of these sites were tied to crypto fraud. In particular, they targeted Americans through fake investment schemes.

The company allegedly bought IP addresses in bulk from cloud service providers. It then sold them to cybercriminals. These actors used the infrastructure to host scam websites and other malicious content.

Moreover, investigators say Funnull’s infrastructure supported many platforms flagged in crypto scam reports to the FBI. Victims of these scams reported average losses of more than $150,000.

Typically, the scams rely on false identities and scripted conversations. These are used to build trust with victims. Eventually, the victims are persuaded to invest in fake digital assets through counterfeit platforms that display falsified returns.

Authorities Say True Victim Losses Likely Much Higher Than Reported

The schemes are increasingly operated by criminal organizations based in Southeast Asia. Some of these groups reportedly use trafficked labor to carry out the scams. Once a victim refuses to invest more, the scammer cuts off communication. At that point, the entire investment vanishes.

Meanwhile, Funnull allegedly used domain generation algorithms to create large volumes of deceptive website names. It also distributed web design templates that helped scammers quickly launch new fraudulent sites. In 2024, the company was found to have altered a widely used code repository. This modification redirected traffic from legitimate websites to scam and gambling platforms, some of which are linked to money laundering networks.

In addition, the Treasury said Liu Lizhi managed internal operations at Funnull. He kept spreadsheets tracking employee performance, assigned tasks, and domain usage tied to fraudulent activity, including phishing and gambling sites.

To support detection efforts, the FBI, working in coordination with the Treasury, plans to release a cybersecurity advisory. It will include technical details to help identify infrastructure linked to Funnull.

Finally, authorities warn that reported losses may severely understate the true scale of damage. Many victims of online scams never report the crime.