Highlights:
- LEGO Group removed a fraudulent ‘LEGO Coin’ scam that briefly appeared on its website.
- The scam promised ‘secret rewards’ and redirected users to buy tokens with Ethereum.
- LEGO confirmed that hackers did not compromise any user accounts.
Toy manufacturer LEGO Group removed a fraudulent ‘LEGO Coin’ token scam that briefly appeared on its website after a hack on October 5. The scam was initially spotted by X user and LEGO enthusiast ‘ZTBricks,’ who posted screenshots of the fake promotion that promised ‘secret rewards’ for purchasing the LEGO Coin.
Fraudulent LEGO Coin Promotion Briefly Appears on Homepage
The fraudulent LEGO Coin promotion appeared on LEGO’s homepage at 1:00 am UTC on October 5. The team removed it about 75 minutes later, according to ‘mescad,’ a moderator of the ‘lego’ subreddit. The incident occurred at 3:00 am local time in Billund, Denmark, where LEGO’s headquarters are based.
Screenshots on X displayed the message:
“Our new LEGO Coin is officially out! Buy the LEGO Coin today and unlock secret rewards!”
Clicking the banner redirected users to a decentralized exchange, prompting them to purchase the scam tokens using Ethereum. LEGO has not publicly addressed the incident, but it removed the deceptive message and link from its homepage.
Hey @LEGO_Group someone popped your site and changed the main page! It directs to a crypto site to an account that is almost definitely not you guys! pic.twitter.com/JrG31zcpYX
— ZTBricks (@ztbricks) October 5, 2024
LEGO Confirms No User Accounts Compromised
According to reports, LEGO informed the consumer tech platform Engadget that the scam appeared briefly and did not compromise user accounts. The company stated, “The issue has been resolved. No user accounts were compromised, and customers can continue shopping as usual.” They also confirmed that preventive measures are being put in place to avoid future incidents.
LEGO hasn’t explained how hackers accessed its systems. Most such attacks are carried out by groups, as they are too complicated for one person. These groups use tools both on and off the blockchain to carry out scams. On-chain attacks exploit weak smart contracts, while off-chain attacks involve phishing and hacking. The groups often run multiple smaller scams at once to avoid detection. LEGO’s lack of communication has led to more speculation about how the breach occurred.
Interestingly, LEGO’s connection to digital assets isn’t new. In 2021, the firm hinted at exploring non-fungible tokens (NFTs). However, they removed the post shortly after.
Brand Reputation Targeted in Rising Crypto Scams
The attackers likely aimed to exploit LEGO’s strong brand reputation, a trend seen in rising crypto scams. Typically, these scammers target a trusted or influential third party, compromise their security, and use their platforms to promote scams to unsuspecting victims. Users can easily become victims of this type of fraud, as it appears to originate from a reliable source.
In June 2024, the Ethereum Foundation’s email system was hacked, leading to the promotion of a drainer link sent to its 35,794 subscribers. A similar incident occurred when attackers compromised Metallica’s official X account. They promoted a scam Solana token called $METAL, generating approximately $10 million in trading volume.
Crypto scams have become increasingly sophisticated over the years, evolving from Ponzi schemes and fraudulent ICOs to more advanced methods, including drainers, phishing attacks, and hacks. A report by Immunefi revealed that crypto scammers stole approximately $1.2 billion in 2024.