em360tech image

The LEGO website has been hacked in a crypto scam cyber attack. The cybercriminals added a banner to the website promoting a fake LEGO token that could be purchased with Ethereum.

Ethereum is a popular cryptocurrency and blockchain network where developers build applications that operate autonomously. Stealing or manipulating Ether, the currency connected to Ethereum, can lead to substantial financial gains for hackers. Ethereum's smart contracts, while powerful, can be vulnerable to coding errors or design flaws. Hackers exploit these vulnerabilities to execute malicious code or drain funds from contracts.

Online fans monitoring the website claim that the crypto scam banner appeared on the LEGO website for 75 minutes until it was removed.

If a user clicked ‘Buy Now’ on the fake banner they were taken to Uniswap cryptocurrency platform to purchase the scam LEGO token using Ethereum.

LEGO confirmed the attack in a statement saying that ‘an unauthorized banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified and we are implementing measures to prevent this from happening again.’

The company has not confirmed how the site was infiltrated and no cybercriminal or hacker group has claimed responsibility.

The method used by hackers to infiltrate LEGO's website remains unclear. However, common techniques employed in such attacks include phishing, SQL injection, and cross-site scripting.

The fake LEGO token promoted on the website was likely created specifically for the scam. Decentralized finance (DeFi) platforms like Uniswap can be vulnerable to scams. Users must exercise caution when interacting with such platforms and verify the legitimacy of any tokens or projects they encounter.

Due to the fast response by the LEGO team it is believed that very few visitors clicked the banner and entered their details, making the cyber attack a failure.

What To Do If You Are A Victim of the LEGO Crypto Scam?

If you are part of the unlucky few that were taken in by the LEGO cyber attack reach out to LEGO's customer service immediately to report the incident and provide details about what happened. They may be able to offer assistance or provide further information.

Contact your local law enforcement agency and file a report about the scam. Provide as much detail as possible, including any information you have about the attackers or the scam itself.

Keep a close eye on your bank accounts, credit cards, and other financial accounts for any signs of fraudulent activity. Update your passwords and add multi-factor authentication to accounts that allow it. If you notice anything suspicious, report it to your financial institution immediately.

If you suffered significant financial losses or have concerns about your legal rights, consider consulting with a lawyer specializing in cybercrime or consumer protection.

While LEGO mostly successfully mitigated the cyberattack, the incident serves as a stark reminder of the potential devastation such breaches can cause. Even with robust mitigation strategies in place, hackers can still exploit vulnerabilities to wreak havoc.

It is yet another lesson in how companies must fortify their cybersecurity strategy to prevent hackers gaining initial access, rather than just mitigating the threat after it happens.

By investing in advanced threat detection, prevention, and response capabilities, organizations can significantly reduce their risk of falling victim to cyberattacks and protect not only their valuable asset but consumer trust.