© 2025 CoolTechZone - Latest tech news,
product reviews, and analyses.

Lego website got hacked to promote ‘Lego Coin’ scam


Last Friday, the website of Lego got hacked. For a short period of time visitors got to see a banner which said the company was introducing a new kind of cryptocurrency called ‘Lego Coins’.

The banner on the website invited people to buy ‘the new Lego Coin’ and unlock ‘secret awards’. The buttons underneath the banner led gullible visitors to an external cryptocurrency website that sold ‘Lego tokens’ with Ethereum.

However, Lego isn’t making the jump into cryptocurrency. It was nothing more than a crypto scam which was set up by hackers.

Luckily, Lego fans quickly noticed it was a scam and warned others on Reddit. On their end, Lego took immediate action by removing the unauthorized banner and cutting all links to the website it was referring to.

In a statement to Engadget, Lego said no user accounts were compromised and customers can safely shop again at the Lego store.

“On 5 October 2024 (October 4 evening in the US), an unauthorized banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified and we are implementing measures to prevent this from happening again.”

This isn’t the first time Lego is being targeted by bad actors.

In December 2022, analysts at Salt Security discovered two API security vulnerabilities in BrickLink.com, world’s largest community and official seller of second-hand and vintage Lego bricks. Lego was informed and fixed the issues.

However, in November 2023 the Lego marketplace got hacked and an unknown number of user accounts got hijacked. The attackers demanded € 50,000 in Bitcoin. If BrickLand.com wouldn’t pay the ransom money, the hackers would erase both user accounts and associated inventories.

BrickLand.com chose to reset all user passwords and traders were advised to use strong login credentials, install security software, and enable two-factor authentication where available.


Leave a Reply

Your email address will not be published. Required fields are marked