Visitors to Lego’s website on the evening of October 4 were met with a banner featuring golden coins and a message announcing the launch of a “Lego coin” along with promises of “secret rewards” for buyers.
However, Lego is not actually launching a cryptocurrency. Instead, users discovered that the purchase button redirected them to an external site selling “LEGO Tokens” using Ethereum, suggesting a hijacking by malicious actors.
The incident reportedly occurred overnight at Lego’s headquarters, prompting a swift response from the company. Lego quickly removed the unauthorized banner and links, replacing them with the promotional content for its collaboration with Fortnite. As of now, the “buy now” link directs users to the official collection.
Lego reassured that no user accounts were compromised during the incident and confirmed that it has identified the cause of the breach.
“On 5 October 2024 (October 4 evening in the US), an unauthorised banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified and we are implementing measures to prevent this from happening again.” the company assured users on its website.
The company has also stated it is implementing measures to prevent similar occurrences in the future, though it has not disclosed specific details regarding the cause or the new security measures.