LEGO Homepage Fake LEGO Coin Scam

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Modified LEGO Homepage

On October 4th, the Lego homepage displayed an advertisement for a new cryptocurrency called the Lego coin. This was a scam coin, and fairly obviously so: the attackers didn't invest any time in creating a convincing landing page or trading history for their token. The Lego community was quick to announce it, and the Lego website had the update removed within an hour and a half. A few people fell for it with small investments, which are likely unrecoverable.[1][2][3][4][5][6][7][8][9]

About LEGO

"In March 2021, the toy manufacturer’s X account hinted it may have been moving into the nonfungible token space when it hashtagged “#NFT” in a 14-second clip of a 3D LEGO brick rotating in space. However, the post was removed soon after.

LEGO Group’s holding company KIRKBI did, however, invest $1 billion in video game publisher Epic Games to accelerate its Metaverse plans in April 2022."

"Our new LEGO Coin is officially out! Buy the new LEGO Coin today and unlock secret rewards!"

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

"the homepage of toy manufacturer LEGO Group was hacked on October 5th local time, briefly displaying a "LEGO Coin" token scam."

Key Event Timeline - LEGO Homepage Fake LEGO Coin Scam
| Date | Event | Description |
|---|---|---|
| October 4th, 2024 7:00:00 PM MDT | Approximate Awareness Lego Team | According to a statement by Lego moderator mescad, this is approximately when the moderation team first became aware of the information posted on the site. |
| October 4th, 2024 7:34:00 PM MDT | ZTBricks Notices Announcement | ZTBricks posts on Twitter noting that the information is present on the site, including screenshots. |
| October 4th, 2024 7:53:27 PM MDT | Thread Posted On Reddit | One of the moderators of the Lego Reddit community, named mescad, posts a warning about the cryptocurrency scam posted on the main site. They keep the community updated throughout the ordeal and warn them to change passwords. |
| October 4th, 2024 8:15:00 PM MDT | Official Removal Of Link | According to a timeline from moderator mescad on the Lego subreddit, the link is offline now. |
| October 4th, 2024 8:23:00 PM MDT | Link Confirmed Offline | Twitter user tormentalous reports that the link is removed from the site. |
| October 5th, 2024 9:00:33 PM MDT | CoinTelegraph Article Published | CoinTelegraph publishes an article about the Lego website exploit. |

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

"According to a report by Cointelegraph, the homepage of toy manufacturer LEGO Group was hacked on October 5th local time, briefly displaying a "LEGO Coin" token scam. The fraudulent token was present on the LEGO Group's website for approximately 75 minutes before being removed."

"Toy manufacturer LEGO Group has reportedly removed a "LEGO Coin" token scam that briefly appeared on its homepage after being hacked on Oct. 5, reports state.

X user and LEGO enthusiast “ZTBricks” was among the first to spot the scam, which promised “secret rewards” to those who bought LEGO Coin, several screenshots on X show"

"Hey @LEGO_Group someone popped your site and changed the main page! It directs to a crypto site to an account that is almost definitely not you guys!"

"On 5 October 2024 (October 4 evening in the US), an unauthorised banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified and we are implementing measures to prevent this from happening again."

Ultimate Outcome

“The issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual.”

"Lego told Engadget that no user accounts were compromised and that it has identified the cause of the issue. It also said that it was implementing measures to prevent anything similar from happening again in the future. However, the company has declined to share details about that "cause" or the measures it's implementing."

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References