LEGO Group recently addressed a security breach involving a phishing scam promoting a fake “LEGO Coin” token, which briefly appeared on their homepage following a hack on October 5. The scam was first noticed by “ZTBricks,” an X user and LEGO fan, who shared screenshots showing a fake message urging users to buy the token to unlock “secret rewards.” Those who clicked the “Buy Now” button were directed to a phishing site.
- The scam message, along with the malicious link, has since been removed from LEGO’s homepage.
- LEGO stated that the incident was brief and no user accounts were compromised.
- Measures are being put in place to prevent similar incidents in the future.
The fake “LEGO Coin” promotion reportedly appeared at 1:00 AM UTC on October 5 and was taken down around 75 minutes later, according to a moderator on the “lego” subreddit. Although LEGO has not made a public comment, they confirmed to Engadget that the issue has been resolved and assured customers that their accounts are safe.
This incident recalls LEGO’s brief foray into digital assets, when in March 2021, they hinted at involvement in NFTs but later pulled the post. Despite the scam, LEGO’s parent company continues to invest in digital spaces, including a $1 billion investment in Epic Games for its Metaverse ambitions.