Shoppers beware — if you’ve visited LEGO’s official website recently, you might want to keep an eye on your bank account.
Over the weekend, LEGO fell victim to a hacker attack that resulted in a fake banner promoting a fraudulent cryptocurrency called "LEGO Coin" on its site. This news was first covered by Recorders.
Hackers exploited a security vulnerability on LEGO’s website to display a deceptive banner, inviting users to purchase "LEGO Coin" with the promise of special rewards.
Visitors were directed to an external site, where they were tricked into buying fake "LEGO Tokens" through Ethereum, a popular blockchain platform.
The fraudulent page was designed to lure users into transferring money to the scammers.
LEGO Fans Sound the Alarm
The scam was discovered by sharp-eyed LEGO fans from different time zones, who quickly noticed something was off. Fans took to social media platforms like X and Reddit to warn others and alert LEGO of the issue.
Thanks to these warnings, LEGO acted swiftly, removing the fake banner and replacing it with the original content promoting their collaboration with Fortnite.
LEGO has since confirmed that no customer data was compromised in the attack.
The company patched the security hole that allowed hackers to insert the fake banner. While LEGO hasn’t disclosed details of the breach, they emphasized that the situation is now under control.
Although there are no reports of any users being scammed by the scam, LEGO is warning its customers to be careful and only use official payment channels.