On Friday evening, cryptocurrency scammers briefly hacked the LEGO web site to advertise a pretend Lego token that may very well be bought with Ethereum.
Through the breach, the hacker changed the primary banner for the official LEGO web site with a picture exhibiting crypto tokens branded with the “LEGO” brand and textual content stating, “Our new LEGO Coin is formally out! Purchase the brand new LEGO Coin at this time and unlock secret rewards!”
In response to LEGO Reddit moderator “mescad,” the breach occurred at 9 PM EST and lasted roughly 75 minutes till 10:15 PM ET, when the positioning was restored.
In contrast to many cryptocurrency scams, this one didn’t promote a malicious web site with a crypto drainer that stole your property once you related your pockets.
As a substitute, clicking the “Purchase now” hyperlink introduced guests to the Uniswap cryptocurrency platform, the place you could possibly buy the LEGO rip-off token utilizing Ethereum.
Supply: mescad
LEGO confirmed the breach to BleepingComputer however wouldn’t share particulars on how the menace actors gained entry to their web site.
“On 5 October 2024, an unauthorised banner briefly appeared on LEGO.com. It was rapidly eliminated, and the problem has been resolved,” LEGO advised BleepingComputer.
“No consumer accounts have been compromised, and prospects can proceed purchasing as typical. The trigger has been recognized and we’re implementing measures to forestall this from taking place once more.”
Total, the assault was a failure, with only some individuals buying the LEGO token for a number of hundred {dollars}.
For such a high-profile web site like LEGO, it’s stunning that the menace actors would waste their entry on a crypto rip-off.
Web site breaches are as an alternative extra generally used to inject malicious JavaScript into internet pages to stealthily steal buyer info and bank cards.
This knowledge is then used to extort firms for prime payouts, bought on darknet marketplaces, or used to make fraudulent purchases on-line.