A promotion for a fake "LEGO Coin" token was taken down from LEGO Group's homepage following a security breach on October 5.
The fake ad promised buyers "secret rewards" for purchasing the fraudulent token. However, clicking the "Buy Now" link redirected users to a phishing site, stealing sensitive information.
The "LEGO Coin" promotion appeared on LEGO's website around 1:00 AM UTC on October 5 and was removed within 75 minutes, according to a LEGO subreddit moderator, "mescad."
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
How to Track Cryptocurrencies? (3 BEST Tracking Platforms Revealed)
Screenshots shared on X showed the scam's announcement:
Our new LEGO Coin is officially out! Buy the LEGO Coin today and unlock secret rewards!
While the scam message and phishing link have since been taken down from the site, LEGO has not yet issued an official statement addressing the breach.
Engadget later reported that LEGO acknowledged the incident and confirmed that no customer accounts were compromised:
The issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified, and we are implementing measures to prevent this from happening again.
In other news, on September 23, hackers took control of the OpenAI Newsroom account on X, aiming to lure victims into a scheme involving fake OPENAI tokens.