Lego's website was hacked to promote a crypto scam
People who visited Lego's website on the evening of October 4 were welcomed by a banner with illustrated golden coins bearing the company's logo, claiming that the "Lego coin" is now officially out. It even promised "secret rewards" to those who'd buy some. But Lego wasn't truly launching an official cryptocurrency coin, and according to The Brick Fan, the button to buy led to an external cryptocurrency website selling "LEGO Tokens" with Ethereum. The website was, seemingly, hijacked by bad actors who switched its banner and used it for some sort of crypto scam.
As users on the Lego subreddit have noted, the incident happened overnight for Lego's headquarters. The company responded relatively quickly, though, and removed the unauthorized banner and links. As of this writing, the Lego Fortnite collaboration banner is back up, and the "buy now" link leads to the collection. Lego told Engadget that no user accounts were compromised and that it has identified the cause of the issue. It also said that it was implementing measures to prevent anything similar from happening again in the future. However, the company has declined to share details about that "cause" or the measures it's implementing.
Here's the company's official statement:
This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/legos-website-was-hacked-to-promote-a-crypto-scam-140045757.html?src=rss"On 5 October 2024 (October 4 evening in the US), an unauthorised banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified and we are implementing measures to prevent this from happening again."