LEGO’s website hacked to push cryptocurrency scam

On Friday evening, cryptocurrency scammers briefly hacked the LEGO website to promote a fake Lego token that could be purchased with Ethereum.

During the breach, the hacker replaced the main banner on the official LEGO website with an image showing crypto tokens branded with the “LEGO” logo and text stating, “Our new LEGO Coin is officially out! Buy the new LEGO Coin today and unlock secret rewards!”

According to LEGO Reddit moderator “mescad,” the breach occurred at 9 PM EST and lasted approximately 75 minutes until 10:15 PM ET, when the site was restored.

Unlike many cryptocurrency scams, this one did not promote a malicious website with a crypto drainer that stole your assets once you connected your wallet.

Instead, clicking the “Buy now” link brought visitors to the Uniswap cryptocurrency platform, where you could purchase the LEGO scam token using Ethereum.

LEGO website hacked to promote crypto scam
Source: mescad

LEGO confirmed the breach to BleepingComputer but would not share details on how the threat actors gained access to their website.

“On 5 October 2024, an unauthorised banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved,” LEGO told BleepingComputer.

“No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified and we are implementing measures to prevent this from happening again.”

Overall, the attack was a failure, with only a few people purchasing the LEGO token for a few hundred dollars.

For such a high-profile website like LEGO, it’s surprising that the threat actors would waste their access on a crypto scam.

Website breaches are instead more commonly used to inject malicious JavaScript into web pages to stealthily steal customer information and credit cards.

This data is then used to extort companies for high payouts, sold on darknet marketplaces, or used to make fraudulent purchases online.
