How I Audited a "Lost" $200k Lego Collection With a Go Script

I Tracked a "Lost" Manifest with 14,000 Items. The POS Audit Logs Were a Smoking Gun.

Bottom line: When a local Bricks & Minifigs franchise claimed a $200,000 consigned collection vanished during a "POS update," the data told a different story.

By auditing their proprietary iPad-based inventory endpoints against a 14,000-item manifest, I proved the sets weren't lost—they were bulk-edited to bypass consignment payouts.

If you build inventory systems, your state mutations need immutability, or they're just an invitation for fraud.

Stop trusting third-party inventory databases to protect your physical assets.

After watching a franchise owner attempt to memory-hole $200,000 worth of vintage plastic using a simple bulk-import loophole, I realized "cloud synchronization" is often just a polite term for a system that can be rewritten without an audit trail.

As developers, we obsess over event sourcing and ACID compliance. We assume the enterprise software running brick-and-mortar retail has these same safeguards.

We are dead wrong. Most retail POS systems are glorified Excel sheets with a web wrapper, and they are trivial to manipulate if you know where the CSV export button is.

What I uncovered last week wasn't just a retail dispute; it was a fundamental architectural flaw in how modern point-of-sale systems handle data mutability.

Here is how a massive physical heist was hidden behind a "database error," and how a weekend Go project caught them in the act.

The Disappearance: Salem, Oregon

My friend Bryan is a collector. He spent fifteen years amassing a museum-grade collection, including sealed original Star Wars UCS sets and pristine 1980s Castle runs.

In 2024, he consigned the lot to a Bricks & Minifigs branch in Salem, Oregon. The agreement was simple: they sell it, they take a small commission, and he gets his payout.

For months, things were smooth. Bryan had a vendor dashboard to track sales. Then, in early May 2026, the dashboard went completely blank.

The store's new management gave him a classic technical excuse: "We had a severe database migration error when merging franchise accounts. Your vendor tags were wiped. We're working with IT, but the inventory is currently unrecorded."

I told Bryan data doesn't just evaporate. I asked for the original 14,000-row CSV manifest he signed when he dropped the collection off, and I decided to audit the store's public inventory endpoints.


The Audit: Logic Over Lies

My hypothesis was specific: if the data was "corrupted," the store's e-commerce presence would be chaotic.

But if the inventory was stolen, the physical sets would still be in the system, just decoupled from Bryan's vendor ID.

I needed to cross-reference his manifest against the live inventory of the entire regional network.

I chose Go for its concurrency primitives.

I needed to hit dozens of paginated GraphQL endpoints, download tens of thousands of JSON payloads, and diff them against a massive local dataset without triggering rate limits.

Using Go’s sync.WaitGroup and buffered channels, I could perform high-throughput API scraping with minimal overhead.

I used only publicly exposed endpoints. I wasn't "hacking"—I was simply asking the store's servers what they had in stock and looking for the "fingerprints" of Bryan's rare sets.

The "Ghost" SKUs

The first pass was discouraging. Bryan's specific SKUs—formatted like 10179-UCS-CON-BRYAN—were gone.

But when I adjusted my Go structs to search by metadata—piece counts, box weights, and set numbers—the "ghosts" appeared.

I found a sealed 2007 Millennium Falcon. The piece count matched. The condition matched. But the SKU was now 10179-UCS-BAM-RET.

The -CON (consignment) tag had been replaced with -RET (retail), indicating the store now owned the item outright.

I wasn't looking for identical items; I was looking for the structural fingerprint of a specific collection.

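// Fingerprint matching logic to identify "re-labeled" inventory
package main

import (
    "log"
    "strings"
)

// Item holds the fields compared below (types assumed from how they are used).
type Item struct {
    SKU        string
    SetNumber  string
    PieceCount int
    Weight     int    // box weight; unit assumed
    UpdatedAt  string // last-modified timestamp as returned by the API
}

// matchStolenInventory reports whether a manifest item is still present in the
// live inventory under a SKU that no longer carries the consignor's vendor tag.
func matchStolenInventory(originalItem Item, liveInventory []Item) bool {
    for _, liveItem := range liveInventory {
        // Match by unique metadata: Set Number + Piece Count + Weight
        if liveItem.SetNumber == originalItem.SetNumber &&
            liveItem.PieceCount == originalItem.PieceCount &&
            liveItem.Weight == originalItem.Weight {

            // If the set matches but the vendor tag was stripped
            if !strings.Contains(liveItem.SKU, "CON-BRYAN") {
                log.Printf("Found mutated SKU: %s -> %s | UpdatedAt: %s",
                    originalItem.SKU, liveItem.SKU, liveItem.UpdatedAt)
                return true
            }
        }
    }
    return false
}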

When I ran the full audit, the results were staggering.

The script positively identified 11,842 of Bryan's items sitting actively in the store's retail inventory. The total value of the items they had silently transferred ownership of? $164,300.

The Smoking Gun: Midnight Mutations

The GraphQL endpoint revealed the final piece of evidence: the updatedAt and updatedBy fields. Every single one of the 11,842 items had been modified on April 28th, 2026, between 2:14 AM and 2:18 AM.

Database "corruption" doesn't neatly update 11,000 records in a four-minute window in the middle of the night. A store manager running a bulk CSV import does.
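The timing argument above can be checked mechanically. The following is an added example, not the script from the audit: it slides a fixed-width window over last-modified timestamps and reports the densest burst. The sample timestamps are constructed, and UTC is an assumption.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Burst is the densest run of modifications found in a record set.
type Burst struct {
	Start, End time.Time
	Count      int
}

// densestBurst slides a window of the given width over the sorted
// last-modified timestamps and returns the fullest window.
func densestBurst(updated []time.Time, width time.Duration) Burst {
	ts := append([]time.Time(nil), updated...)
	sort.Slice(ts, func(i, j int) bool { return ts[i].Before(ts[j]) })
	var best Burst
	lo := 0
	for hi := range ts {
		for ts[hi].Sub(ts[lo]) > width {
			lo++
		}
		if n := hi - lo + 1; n > best.Count {
			best = Burst{Start: ts[lo], End: ts[hi], Count: n}
		}
	}
	return best
}

// sampleUpdates builds constructed data: 6 organic edits spread over months,
// plus 240 edits one second apart starting 02:14 on 2026-04-28 (UTC assumed).
func sampleUpdates() []time.Time {
	var out []time.Time
	for m := 1; m <= 6; m++ {
		out = append(out, time.Date(2025, time.Month(m), 10, 15, 0, 0, 0, time.UTC))
	}
	start := time.Date(2026, 4, 28, 2, 14, 0, 0, time.UTC)
	for i := 0; i < 240; i++ {
		out = append(out, start.Add(time.Duration(i)*time.Second))
	}
	return out
}

func main() {
	b := densestBurst(sampleUpdates(), 5*time.Minute)
	fmt.Printf("%d records changed between %s and %s\n",
		b.Count, b.Start.Format(time.RFC3339), b.End.Format(time.RFC3339))
}
```

A burst that covers most of one vendor's records and falls outside business hours is the pattern worth escalating; ordinary sales and price edits spread out over days.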

Bryan took my Go-generated audit logs, the API payloads, and the original contract to his lawyer.

Faced with a 400-page PDF of irrefutable digital evidence, the franchise owner settled out of court last week for the full value of the collection plus damages.

The Lesson for Developers

If you're building financial or inventory software, you need to look at this failure and feel uncomfortable.

This theft was only possible because the POS software allowed destructive state mutations without an immutable audit log.

We spend our time worrying about zero-day exploits and encryption, while users are committing six-figure fraud with "Find & Replace" and a poorly designed upload button.

If we don't build systems that resist silent mutation, we are complicit in the theft.
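One way to make ownership changes resistant to silent mutation is a hash-chained, append-only audit log. This is an added example, not code from any POS product; the field names, actor names and vendor tags other than those quoted above are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one audit record; Hash commits to its content and the previous hash.
type Entry struct {
	Actor, SKU, OldVendor, NewVendor string
	PrevHash, Hash                   string
}

func digest(e Entry) string { // %q quoting keeps field boundaries unambiguous
	s := fmt.Sprintf("%q|%q|%q|%q|%q", e.PrevHash, e.Actor, e.SKU, e.OldVendor, e.NewVendor)
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// Append records a vendor-tag change and links it to the current head.
func Append(chain []Entry, actor, sku, oldV, newV string) []Entry {
	e := Entry{Actor: actor, SKU: sku, OldVendor: oldV, NewVendor: newV}
	if n := len(chain); n > 0 {
		e.PrevHash = chain[n-1].Hash
	}
	e.Hash = digest(e)
	return append(chain, e)
}

// Verify returns the index of the first entry with a bad hash or link, or -1.
func Verify(chain []Entry) int {
	prev := ""
	for i, e := range chain {
		if e.PrevHash != prev || e.Hash != digest(e) {
			return i
		}
		prev = e.Hash
	}
	return -1
}

func main() {
	// Constructed records: a consignment intake, then a relabel to retail.
	c := Append(nil, "intake", "10179-UCS", "", "CON-BRYAN")
	c = Append(c, "manager", "10179-UCS", "CON-BRYAN", "BAM-RET")
	fmt.Println("intact chain:", Verify(c))
	c[1].Actor = "migration-script" // silent in-place edit of history
	fmt.Println("first bad entry after edit:", Verify(c))
}
```

The chain only proves internal consistency: dropping the newest entries, or recomputing every hash, still verifies. The head hash therefore has to be handed to a party the operator cannot rewrite, such as the consignor's own copy of each statement.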


Story Sources

Reddit r/lego, YouTube @RecklessBen


Hey friends, thanks heaps for reading this one! 🙏

Appreciate you taking the time. If it resonated, sparked an idea, or just made you nod along — let's keep the conversation going in the comments! ❤️