On October 5, toy manufacturer LEGO Group briefly featured a “LEGO Coin” token scam on its homepage after a reported hack. The fraudulent message promoted a fake cryptocurrency, enticing users with promises of “secret rewards” for purchasing the so-called LEGO Coin.
LEGO enthusiast “ZTBricks” was one of the first to notice the scam, sharing screenshots on social media platform X (formerly Twitter). The message read:
“Our new LEGO Coin is officially out! Buy the LEGO Coin today and unlock secret rewards!”
Clicking the “Buy Now” button redirected users to a phishing website.
LEGO has not issued a public statement regarding the incident, but the scam message and its associated link were swiftly removed from the homepage.
In a comment to Engadget, LEGO confirmed that the cryptocurrency scam only appeared “briefly” and reassured customers that no accounts were compromised:
“The issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual,” LEGO said.
“The cause has been identified, and we are implementing measures to prevent this from happening again.”
According to “mescad,” a moderator on the “lego” subreddit, the fake LEGO Coin message first appeared on the homepage at 1:00 AM UTC on October 5 and was removed approximately 75 minutes later. The incident occurred at 3:00 AM local time in Billund, Denmark, where LEGO’s headquarters are located.