Lego’s website was hacked to display an unauthorized cryptocurrency ad promoting a fake “Lego coin.” The ad encouraged site visitors to purchase the fake crypto, promising them secret rewards and redirecting them to a suspicious external site selling “Lego tokens.”

Lego’s Website Compromised by Cryptocurrency Scam

Lego’s website experienced a security breach on Oct. 4 when the hacker replaced the site’s banner with a fraudulent cryptocurrency advertisement. The altered banner showcased illustrated golden coins with Lego’s logo and falsely promoted a “Lego coin” launch, urging users to buy the token with promises of “secret rewards.” The hacked site read:

Our new Lego coin is officially out! Buy the new Lego coin today and unlock secret rewards!

Visitors who clicked the banner were redirected to an external site selling “Lego tokens,” as reported by The Brick Fan. The breach occurred overnight at Lego’s Denmark headquarters and was quickly noted by users on the Lego subreddit.

Lego swiftly removed the unauthorized content and restored the original banner. The company confirmed the following day that no user accounts had been compromised. In a statement to Engadget, Lego said:

On 5 October 2024 (October 4 evening in the U.S.), an unauthorised banner briefly appeared on Lego.com. It was quickly removed, and the issue has been resolved.

“No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified and we are implementing measures to prevent this from happening again,” the company’s statement adds.