Lego Website Hijacked for Cryptocurrency Scam: Fake “Lego Coin” Banner Promises Rewards, Raises Concerns

In a bizarre incident on the evening of October 4, 2024, visitors to Lego’s official website were met with an unexpected surprise. A banner featuring illustrated golden coins branded with the company’s iconic logo claimed that “Lego Coin” was officially available, luring fans with the promise of “secret rewards” for those who purchased it. However, as quickly discovered by eagle-eyed users on The Brick Fan and the Lego subreddit, this wasn’t an official product at all.

Instead of directing users to a genuine Lego offering, the “buy now” button led them to an external cryptocurrency website selling so-called “LEGO Tokens” in exchange for Ethereum, raising immediate red flags. The site, it appears, had been compromised by bad actors in an attempt to push a cryptocurrency scam.

The incident took place during the early morning hours for Lego’s headquarters in Billund, Denmark, occurring at 3:00 AM local time on October 5. The fraudulent banner reportedly went live at 1:00 AM UTC and remained up for about 75 minutes before being removed. By the time most users in the U.S. were visiting the site, Lego had already addressed the issue, replacing the rogue banner with the promotional material for their Fortnite collaboration.

In response to the breach, Lego issued a brief statement:
“On 5 October 2024 (October 4 evening in the US), an unauthorized banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified and we are implementing measures to prevent this from happening again.”

The company assured customers that no sensitive data had been compromised but did not provide further details about the nature of the breach or the security measures being implemented to prevent future occurrences.

This incident adds a curious chapter to Lego’s evolving relationship with the digital and virtual worlds. In March 2021, the toy giant hinted at a possible foray into NFTs with a brief post on X (formerly Twitter) featuring a 3D rotating Lego brick and the hashtag “#NFT.” Although the post was quickly deleted, it fueled speculation that Lego might be exploring the nonfungible token space. Additionally, in 2022, Lego’s holding company, KIRKBI, made headlines by investing $1 billion in Epic Games to accelerate plans for a Metaverse collaboration.

Though the scam was neutralized before it could cause widespread damage, it’s a stark reminder of the rising risks posed by cryptocurrency fraudsters. According to recent reports, cryptocurrency scams have cost victims $127 million in the third quarter of 2024 alone, with a staggering $46 million stolen in September.

Lego’s quick response to the breach will likely ease some customer concerns, but the incident underscores the importance of robust cybersecurity, particularly as major companies increasingly engage with digital and virtual assets.

Digital Assets Desk