- The LEGO website was briefly hacked on Friday to display a fake cryptocurrency scam, “LEGO Coin.”
- The phishing scheme urged users to buy the fraudulent token in exchange for Ethereum, but the banner was swiftly removed
- LEGO has confirmed no user accounts were compromised, and the company is working on enhanced security measures
LEGO’s official website was hacked over the weekend and used to promote a fake cryptocurrency, “LEGO Coin.” The scam banner claimed that buyers would unlock “secret rewards” and directed them to a phishing site. LEGO quickly removed the fraudulent content and reassured customers that no personal data had been compromised, adding that it was focused on preventing similar incidents in the future.
Scammers Changed Homepage
LEGO has never made any moves towards launching a cryptocurrency, saying in August that it would never venture into the crypto or Web3 worlds without it being tied to a physical product. Nevertheless, scammers hacked the site and posted a banner on its homepage, featuring golden coins and a “buy now” button that redirected users to an external site demanding payments in Ethereum:
According to reports, the scam was detected by a LEGO fan and quickly spread across social media platforms like Reddit and X, resulting in the malicious content being taken down after a little more than an hour.
Issue Resolved
In a statement, LEGO confirmed that no user data was affected by the breach and that they have implemented steps to address the issue, noting, “The issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual.”
The infiltration shows an escalation of crypto scammers’ methods, using popular brands to solicit investments, although there was less chance of success given LEGO’s noted absence of crypto involvement.
