Visitors to Lego’s website on the evening of October 4 were greeted by a suspicious banner showcasing golden coins adorned with the Lego logo, encouraging people to invest in a so-called “Lego coin.” This banner promised secret rewards to those who bought the coins. However, Lego had no plans to release any cryptocurrency, and it quickly became apparent that this was a fraudulent scheme. According to The Brick Fan, the banner led visitors to an external website selling “LEGO Tokens” using Ethereum, a clear sign of a cyberattack.

Lego.com hacked by crypto scammers
byu/mescad inlego

Hackers seemingly took over part of Lego’s site and used the platform to promote a cryptocurrency scam, targeting unsuspecting fans and buyers. Many users, including those on the Lego subreddit, raised concerns about the banner and links, noticing that the incident occurred during the nighttime at Lego’s headquarters in Denmark.

Lego reacts quickly to the hack

Although the breach happened overnight in Denmark, Lego quickly responded once alerted to the issue. The company swiftly removed the unauthorised banner and the fraudulent links. As of this writing, the Lego and Fortnite collaboration banner is back in place, and the “buy now” link has been restored to direct visitors to the correct collection of products.

Lego reassured its customers that no user accounts were compromised during the breach. The company explained that it had already identified the cause of the incident and is taking steps to ensure that a similar situation does not occur again. However, Lego did not share any details about what led to the hack or the specific measures it is implementing to prevent future attacks.

Official company statement

Lego issued an official statement regarding the incident:

“On October 5, 2024 (October 4 evening in the US), an unauthorised banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified, and we are implementing measures to prevent this from happening again.”

Despite the company’s swift action, the incident raises questions about website security and how even well-established brands can fall victim to cyberattacks. With more businesses moving online and handling sensitive customer information, the pressure to maintain robust security measures is higher than ever. Lego has reassured its customers that their information is safe, but it is yet to be seen what changes the company will make to fortify its digital defences.

In the meantime, site visitors can shop confidently, knowing the breach has been addressed and no personal data was affected.

NORWICH — Detectives from the Connecticut State Police have successfully recovered and returned a portion of stolen cryptocurrency to a victim of theft, authorities announced Thursday.

On March 15, the Norwich Police Department contacted the State Police’s Eastern District Major Crime unit and the Bureau of Special Investigations/Statewide Organized Crime Investigative Task Force, both part of the Cryptocurrency Working Group, to report a significant cryptocurrency theft.

The victim’s cold storage wallet had been compromised, with around $159,712.26 in Bitcoin and Ethereum illegally siphoned off in an attack known as a “wallet drainer.”

Investigating detectives traced the stolen digital assets to two compliant cryptocurrency exchanges.

They swiftly issued freeze requests and secured search warrants from the New London Superior Court for asset seizure.

After months of investigation and legal proceedings, on Oct. 1, detectives returned 0.28993293 Bitcoin (BTC) and 24,051.40 USDT, equivalent to $42,129.95 USD, to the victim.

In light of this incident, the Connecticut State Police are advising residents on how to secure their cryptocurrency:

– Enable Two-factor Authentication (2FA) wherever possible.
– Safeguard private keys for cold storage devices and do not share them.
– Use strong, unique passwords for accounts.
– Stay vigilant against Phishing or Smishing, verifying URLs and email addresses, and avoiding suspicious links or unknown attachments.
– Regularly update software.

The State Police Cryptocurrency Working Group continues its commitment to addressing the challenges posed by digital asset crimes and protecting Connecticut’s citizens in the digital economy.

The State Police urge anyone who suspects they have fallen prey to a cryptocurrency scam to report it to local or state law enforcement, the Internet Crimes Complaint Center (IC3), and via email at [email protected].

CLEVELAND, Ohio – Federal prosecutors are seeking to claim $200,000 worth of cryptocurrency that was siphoned from an investor in Ashtabula.

Bitcoin valued at about $340,000 was fraudulently transferred from the investor’s virtual currency wallet in February, according to documents filed in U.S. District Court in Cleveland on Thursday. The victim did not seek the transaction.

Investigators analyzed a public ledger of crypto transactions to trace the funds to two accounts, the documents show. Authorities found that the bitcoin from the Ashtabula investor was converted to Tether, a cryptocurrency tied to the U.S. dollar and created by Tether Limited Inc.

In March, a month after the theft, Tether Limited Inc. froze the two accounts. Federal investigators filed a seizure warrant in July for the funds. Tether Limited later transferred $200,000 worth of cryptocurrency from the two accounts to a federal law enforcement fund.

Authorities are seeking to return the funds to the investor, though the value of the investment has dropped since the theft. Prosecutors must first go through forfeiture proceedings with the owners of the two addresses.

But the owners of the addresses are unknown, prosecutors said in the documents. A court filing indicates that the scheme originated in Nigeria.

The court filings in the case say FBI agents in Cleveland are “investigating cryptocurrency confidence fraud scams perpetrated on victims throughout the United States, including in the Northern District of Ohio.”