LEGO’s website hacked to push cryptocurrency scam

On Friday night, cryptocurrency scammers briefly hacked the LEGO website to promote a fake Lego token that could be purchased with Ethereum.

During the breach, the hacker replaced the main banner for the official LEGO website with an image showing crypto tokens branded with the “LEGO” logo and text stating, “Our new LEGO Coin is officially out! Buy the new LEGO Coin today and unlock secret rewards!”

According to LEGO Reddit moderator “mescad,” the breach took place at 9 PM EST and lasted approximately 75 minutes until 10:15 PM ET, when the site was restored.

Unlike many cryptocurrency scams, this one did not promote a malicious site with a crypto drainer that stole your assets when you connected your wallet.

Instead, clicking the “Buy now” link brought visitors to the Uniswap cryptocurrency platform, where you could purchase the LEGO scam token using Ethereum.

LEGO confirmed the breach to BleepingComputer but would not share details on how the threat actors gained access to their website.

“On 5 October 2024, an unauthorised banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved,” LEGO told BleepingComputer.

“No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified and we are implementing measures to prevent this from happening again.”

Overall, the attack was a failure, with only a few people purchasing the LEGO token for a few hundred dollars.

For such a high-profile site like LEGO, it is surprising that the threat actors would waste their access on a crypto scam.

Website breaches are instead more commonly used to inject malicious JavaScript into web pages to stealthily steal customer information and credit cards. 

This data is then used to extort companies for high payouts, sold on darknet marketplaces, or used to make fraudulent purchases online.