New Scam Targeting Wallet Owners
In Russia, cybercriminals have introduced another fraudulent tactic aimed at cryptocurrency holders. Fake websites are being launched under the guise of promotions, offering users “free” Labubu-themed cryptocurrency. To claim the reward, visitors are asked to link their crypto wallets. Once connected, the sites request access to wallet balances and transaction history. Using malicious “drainer” software, attackers then transfer available funds into their own accounts.
How the Scheme Works
Security analysts at F6 told CNews that criminals are taking advantage of the growing popularity of the Labubu toy to attract victims. The toy’s visibility has surged throughout the summer of 2025, boosted by endorsements from influencers and celebrities.
Labubu, designed by Kasing Lung, is a quirky character with sharp teeth. These toys are typically sold as blind-box collectibles, with prices reaching up to 10,000 rubles and rare editions valued much higher. Their rise in popularity made them a viral sensation on TikTok during spring 2025. Stars such as Lisa Manoban (Blackpink), Robyn Rihanna, Dua Lipa, and Kim Kardashian have all been seen with the toy, further fueling demand.
Fraudulent websites exploit this hype by encouraging users to connect wallets for a supposed giveaway. If funds are present, victims are asked for additional permissions under the pretext of “verification.” Drain malware then drains their assets, automatically redirecting them to wallets controlled by the scammers. If no funds are detected, the site simply states the user is ineligible, allowing fraudsters to skip empty accounts and focus on profitable targets.
No Link to the Real Labubu Project
Experts emphasize that these fraudulent resources have no affiliation with the legitimate Labubu brand. Instead, the name is being misused as bait to lure cryptocurrency owners.
The issue comes shortly after Cyberus completed its restructuring into F.A.C.C.T., which rebranded as F6 in February 2025. According to CNews, F6 has positioned itself as a leader in developing cybersecurity tools and strategies to combat IT-related crimes domestically and internationally.
Recommendations for Users
F6’s specialists advise Russian users to carefully evaluate websites before interacting with them. Tools like whois can reveal important details such as domain registration date, expiration, registrar, and DNS information.
Key safety measures include:
-
Be skeptical of giveaways or free token offers, especially if no confirmation is available on official developer websites.
-
Avoid sharing personal data on unfamiliar websites. Many phishing schemes mimic legitimate resources to steal logins, banking information, or crypto credentials.
-
Keep seed phrases (12, 18, or 24 random words used to recover a wallet) private and stored offline in a secure location.
-
Protect wallets with antivirus software, strong passwords, and two-factor authentication.
The “Labubu for a Review” Scheme
In June 2025, another fraudulent method appeared. According to Russia’s Ministry of Internal Affairs (Department for Combating Illegal Use of ICT, St. Petersburg and Leningrad Region), scammers offered Labubu toys in exchange for leaving a review. Victims were asked to provide personal contact details and a Telegram verification code, which in reality granted access to their accounts.
Other fake promotions required users to subscribe to dubious Telegram channels that distribute fraudulent advertising. There have also been cases where Labubu toys were “sold” through Telegram—after payment, the supposed seller vanished, leaving buyers without their money or the promised product.
This trend is particularly dangerous for children, whose curiosity and trust may make them easy targets. Stolen accounts can later be used for various illegal purposes.