Toy manufacturer LEGO Group has reportedly taken down a scam promoting a fraudulent “LEGO Coin” token that appeared on its official homepage after hackers gained access on Oct. 5. The scam, which falsely promised “secret rewards” to those who purchased the so-called LEGO Coin, was visible for approximately 75 minutes before being removed.
The issue was first highlighted by X user and LEGO enthusiast “ZTBricks,” who noticed the suspicious message that read: “Our new LEGO Coin is officially out! Buy the LEGO Coin today and unlock secret rewards!” Clicking the “Buy Now” button led visitors to a phishing website designed to steal personal information.
LEGO Confirms No Customer Data Was Compromised
LEGO has not publicly commented on the incident, but the scam message and link have since been removed. A spokesperson reportedly told consumer tech platform Engadget that the scam only appeared “briefly” and assured customers that no accounts were compromised during the breach. LEGO confirmed, “The issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual.”
The hack occurred at around 3 AM in Billund, Denmark, where LEGO’s main headquarters is based. According to “mescad,” a moderator on the LEGO subreddit, the scam first appeared at 1 AM UTC on Oct. 5 and was swiftly taken down after it was detected.
Growing Concerns Over Cryptocurrency Scams
This is not LEGO’s first brush with the crypto world. In March 2021, LEGO briefly hinted at possible involvement in NFTs via its X account, only for the post to be deleted shortly after. However, the company’s parent firm, KIRKBI, did invest $1 billion in video game publisher Epic Games to advance its Metaverse ambitions in April 2022.
The incident comes amid growing concerns over cryptocurrency scams, with blockchain security firm Scam Sniffer reporting that fraudsters stole $127 million from victims in Q3 2024 alone, including $46 million in September.