Cryptocurrency scammers temporarily compromised the LEGO website to deceive fans into buying a fake “LEGO Coin” cryptocurrency.
The breach occurred on October 4, 2024, when an unauthorized banner appeared on the LEGO.com homepage, claiming to offer “secret rewards” to those who purchased the bogus coin.
The malicious banner, which featured golden coins adorned with the LEGO logo, redirected users to an external website selling “LEGO Tokens” using Ethereum, a popular digital currency.
However, LEGO has confirmed that it has no plans to release any cryptocurrency and that the incident was a result of a cyberattack.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
According to reports, the hack was discovered around 9 pm EDT on October 4, and the company quickly responded to remove the unauthorized banner and links.
Also the users on Lego subreddit have noted the incident “Around 9pm EDT we became aware that the Lego.com website was edited with a message about a “new coin” and had links to a crypto currency website. Lego is not releasing a cryptocurrency! This is a scam and you should avoid it.”
LEGO acted swiftly: “On 5 October 2024 (October 4 evening in the US), an unauthorized banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved.
No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified, and we are implementing measures to prevent this from happening again”.
Despite the swift resolution, the incident raises concerns about website security and the vulnerability of even well-established brands to cyberattacks. LEGO has not shared details about the cause of the breach or the specific measures it is implementing to prevent future attacks.
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Webinar