Toy giant LEGO has swiftly addressed and removed a phishing scam featuring a fraudulent “LEGO Coin” token that briefly appeared on its homepage after a hack on Oct. 5.
At 1:00 am UTC, LEGO enthusiasts like “ZTBricks” noticed the fraudulent message: “Our new LEGO Coin is officially out! Buy the LEGO Coin today and unlock secret rewards!” Users who clicked the “Buy Now” button were directed to a phishing site.
LEGO swiftly removed the scam from its homepage within 75 minutes. A representative from LEGO reportedly informed tech platform Engadget that no user accounts were compromised, and the issue has since been resolved:
“No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified, and we are implementing measures to prevent this from happening again.”
The hack occurred at 3:00 am in Billund, Denmark, home of LEGO’s headquarters. The company hasn’t made a public statement yet, but the phishing attempt has sparked concern about increasing cryptocurrency scams targeting major brands.
LEGO’s brief venture into the crypto space occurred back in March 2021 when they hinted at NFT involvement, but the post was quickly deleted. However, their investment in Epic Games to explore the Metaverse space in 2022 shows the company’s broader interest in digital expansion.
According to blockchain security firm Scam Sniffer, cryptocurrency scams cost victims over $127 million in Q3 2024, with $46 million lost in September alone.
