LEGO Hacked to Shill Lego Coin Crypto Scam

On 5 October, the website of the renowned toy company LEGO was compromised by hackers who exploited the homepage banner to promote a fraudulent cryptocurrency scheme.

The scammers advertised a non-existent 'LEGO Coin,' misleadingly suggesting an official offering by the company, which has neither launched nor expressed any intention to launch such a token.

The homepage read:

"Our new LEGO Coin is officially out! Buy the LEGO Coin today and unlock secret rewards!”

The malicious banner included a 'Buy Now' button that redirected unsuspecting visitors to an external cryptocurrency website purportedly selling 'LEGO Tokens' in exchange for Ethereum.

The scam promised "secret rewards" to entice users into making purchases.

LEGO swiftly regained control of its website and removed the fraudulent content shortly after its appearance.

On X (formerly known as Twitter), an avid LEGO enthusiast and user known as "ZTBricks" was among the first to identify the scam, which led users to a phishing site upon clicking the 'Buy Now' button.

According to "mescad," a moderator of the "lego" subreddit, the incident occurred overnight for LEGO's headquarters.

The fraudulent 'LEGO COIN' first appeared on the homepage at 1:00 am UTC on 5 October and was taken down approximately 75 minutes later.

This event took place at 3:00 am in Billund, Denmark, where LEGO's main office is located.

LEGO Removes Scam But No Official News Published

LEGO has not issued a formal statement through any of its official channels as of yet.

However, the LEGO Coin message and the "Buy Now" link have been removed from its homepage, and the banner has reverted to an older version featuring the company’s Fortnite collaboration.

In a conversation with tech publication Engadget, LEGO confirmed that the cryptocurrency scam appeared on its homepage only "briefly" and assured that no user accounts were compromised.

The company also stated that it is working on preventing such incidents in the future but declined to specify the cause of the issue or the measures it plans to implement.

The statement provided to Engadget read:

“On 5 October 2024 (October 4 evening in the US), an unauthorised banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified and we are implementing measures to prevent this from happening again.”

Despite this, LEGO has chosen not to disclose further details about the "cause" or the steps it is taking to enhance security.