Key Points:
- Lego’s website was briefly hacked to advertise a fake “Lego coin.”
- The scam banner directed users to an external site selling “Lego Tokens.”
- The issue was resolved within 75 minutes without compromising user accounts.
- Experts stress the importance of heightened cybersecurity for trusted brands.
Lego’s Website Breached by Crypto Scam Promoting Fake Coin
🚨🔓 Even LEGO isn’t safe! 🚧 Hackers compromised LEGO’s official website to promote a crypto scam 💻💰, highlighting the growing need for stronger 🔐 #cybersecurity in every industry. 🚨 Stay alert ⚠️ and always verify URLs 🔍 before interacting online! #CryptoScam… pic.twitter.com/nRqBJMvAKt
— Rider | LDA 👿 (@JCryptoRider) October 7, 2024
Lego’s website became the latest target of a cyberattack early Saturday, when hackers inserted a scam advertisement promoting a fake cryptocurrency called “Lego coin.” The banner briefly appeared on the homepage, misleading visitors with a promise of “unlocking secret rewards” through the purchase of Lego Tokens. However, the advertised cryptocurrency had no connection to Lego.
The scam banner, placed just below a legitimate advertisement for Lego’s Fortnite collaboration, featured images of gold coins marked with the iconic Lego logo. Visitors who clicked the banner were redirected to an external cryptocurrency site selling tokens via Ethereum.
The breach was first spotted by a user on X (formerly known as Twitter) with the handle ZTBricks, who warned others about the scam. Fortunately, Lego acted swiftly, removing the malicious banner from its website in just over an hour.
Quick Response from Lego
Lego addressed the issue in a statement provided to Engadget, confirming that no user accounts were compromised during the hack. The company said, “On 5 October 2024, an unauthorized banner briefly appeared on lego.com. It was quickly removed, and the issue has been resolved.” Lego assured customers that the site is now safe for use and that measures are being put in place to prevent future incidents.
Expert Warnings for Cybersecurity
The incident highlights the growing threat of cyberattacks, even for well-established and trusted brands like Lego. Oded Vanunu, Chief Technologist at Check Point Software, commented on the matter, emphasizing that the rise of crypto-related scams requires businesses to be vigilant in securing their digital platforms.
To protect consumers from falling victim to such scams, Vanunu advises users to be cautious when encountering unexpected banners or pop-ups, even on trusted websites. He suggests checking for signs of phishing or suspicious content and avoiding sharing personal information or making payments without verifying the legitimacy of the site.
Enhanced Security Needed for Organizations
Vanunu also emphasized the importance of proactive security measures for companies, including regular vulnerability scans, patching of software, and the use of threat intelligence tools. These steps can help detect and neutralize threats before they reach consumers, ensuring a safer online experience.
As cybercriminals continue to target popular brands, incidents like this serve as a reminder that even industry giants are not immune to digital threats. Organizations and consumers alike must stay alert and prioritize cybersecurity to mitigate such risks in the future.
