Security researchers have uncovered a major supply chain attack linked to the company FUNNULL, which redirected users to thousands of fraudulent gambling sites. After acquiring the Polyfill.io domain, FUNNULL exploited its legitimate access to embed malware across numerous websites. The attack, identified by Silent Push, involved around 40,000 Chinese-language sites impersonating well-known casino brands. FUNNULL's obscure operations raise concerns about potential money laundering activities. Despite inquiries, FUNNULL remains unresponsive, leaving the nature of their activities largely speculative.