Early Saturday morning, Lego’s website briefly fell victim to a crypto scam that advertised a fake Lego coin token.
The scam appeared as a banner on the homepage, positioned below an advertisement for Lego’s new Fortnite collaboration, which features building models inspired by various Fortnite characters and elements.
Fake Lego Coins
Users were greeted by a banner featuring illustrated gold coins marked with the Lego logo, announcing the release of a “Lego coin”.
However, a user on X (formerly Twitter), ZTBricks, who noticed the hack, shared that the banner claimed visitors could “unlock secret rewards” by purchasing the newly launched LEGO coin.
Despite appearances, Lego wasn’t actually launching a cryptocurrency, and users were directed to an external crypto site selling “Lego Tokens” via Ethereum. It seems the website was compromised by malicious actors, who replaced the banner to promote a crypto scam.
However, Lego acted quickly to remove the scam from its homepage, and Lego Reddit monitors reported that it was resolved in 75 minutes.
No Accounts Were Compromised
Lego released a statement to Engaget, saying: “On 5 October 2024, an unauthorized banner briefly appeared on lego.com. It was quickly removed, and the issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual.”
Lego added that the cause has been identified and that it is implementing measures to prevent this from happening again.
Even Trusted Brands are Targets
“This incident is a stark reminder of how even trusted brands like Lego can become targets for cybercriminals,” commented Oded Vanunu, Chief Technologist, WEB 3.0 & Head of Product Vulnerability Research at Check Point Software.
“The rise of crypto-related scams highlights the need for organizations to continuously monitor and secure their digital platforms against such threats.”
Preventative Measures
To avoid falling victim to scams like these, Vanunu advises consumers to be vigilant when encountering unexpected pop-ups or offers on trusted websites.
He says to always look for signs of phishing or suspicious content and refrain from sharing personal information or making payments unless you’re sure of the site’s legitimacy.
“Organizations, on the other hand, should prioritize robust security measures, including regular vulnerability scans, patching, and threat intelligence tools that can detect and mitigate these types of attacks before they reach the public.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.