In brief
- Figure confirmed a data breach, saying that an employee was tricked in a social engineering attack.
- Stolen files allegedly include names, addresses, dates of birth, and phone numbers, per a report.
- The publicly traded lender says it is offering free credit monitoring to affected individuals.
Figure Technology confirmed Friday that it suffered a customer data breach after an employee was targeted in a social engineering attack.
The hacking group ShinyHunters claimed responsibility, saying Figure refused to pay a ransom and that it published 2.5 gigabytes of stolen data. TechCrunch, which first reported on the breach, said that it reviewed some of the files, which included customers’ full names, home addresses, dates of birth, and phone numbers.
“We recently identified that an employee was socially engineered, and that allowed an actor to download a limited number of files through their account,” Figure said in a statement shared with Decrypt. “We acted quickly to block the activity and retained a forensic firm to investigate what files were affected.”
Social engineering refers to when attackers manipulate employees through deceptive emails, calls, or messages to gain access to corporate systems, often by tricking them into sharing credentials or approving unauthorized requests.
A January report by Chainalysis said that over $17 billion in crypto was stolen last year through AI-powered impersonation scams.
Data breaches remained widespread in 2025, with regulators logging more than 8,000 notification filings tied to over 4,000 separate incidents affecting at least 374 million people, according to a December 2025 report by the Privacy Rights Clearinghouse.
Founded in 2018, Figure is a New York–based lender that runs its loan platform on the Provenance blockchain, focusing on home equity lines of credit. Figure went public in September 2025 under the ticker FIGR, raising $787.5 million in an IPO that valued it at about $5.3 billion.
While the spokesperson declined to go into further detail, a member of ShinyHunters reportedly told TechCrunch the breach was part of a broader campaign targeting companies that rely on single sign-on provider Okta. Other alleged victims included Harvard University and the University of Pennsylvania.
Figure said it is communicating with partners and impacted parties, as well as implementing additional safeguards.
“We are offering complimentary credit monitoring to all individuals who receive a notice,” the company said. “We continuously monitor accounts and have strong safeguards in place to protect customers’ funds and accounts.”
The news of the data breach comes as Figure announced Friday the launch of a proposed secondary public offering of up to 4,230,000 shares of its Series A Blockchain Common Stock, with plans to repurchase up to $30 million of Class A shares from underwriters.
Figure’s stock finished the day up 3.57% at a price of $35.29, though it has fallen 37% over the last month.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Former BCB Group CEO was robbed at knifepoint, with the robber explicitly demanding cryptocurrency private keys
Former BCB Group CEO Oliver von Landsberg-Sadie and his family were robbed at home at knifepoint, with the assailants explicitly demanding cryptocurrency wallet keys. In the end, they only stole cash, silverware, and jewelry. Police have been brought in to investigate, and Oliver is warning public figures to be alert to this kind of crime.
GateNews3h ago
American musician G.Love mistakenly downloaded a malicious Ledger app, losing 5.92 BTC, and the funds have already flowed into a certain CEX
Philadelphia musician G.Love had about 5.92 Bitcoins stolen due to mistakenly downloading a counterfeit app. On-chain investigator ZachXBT traced the flow of funds and questioned Apple’s App Store review process, saying it allows counterfeit apps to be listed, increasing user risk.
GateNews5h ago
Security expert: North Korea has turned cryptocurrency theft into a way to finance military spending, and it has become a systemic threat
North Korean hackers’ attacks against the cryptocurrency industry continue to escalate, becoming an important source of funding for maintaining their military budget. Experts say that, unlike hackers from other countries, North Korea relies more heavily on crypto theft; its tactics have evolved into precision takeover—long-term infiltration that is difficult to effectively defend against—posing a serious threat to the industry.
GateNews6h ago
German hackers arrested in Bangkok over alleged cryptocurrency extortion and 74 arrest warrants for cybercrimes
A 27-year-old German hacker, Noah Christopher, was arrested in Thailand and faces up to 74 counts of cybercrime, accused of developing ransomware and providing network attack services, involving transnational cybercrime. His visa was revoked, and he is awaiting extradition to Germany.
GateNews8h ago
Zerion Goes Dark Online – Here’s What Users Need to Know Now
Zerion took its web app offline after detecting unusual activity, urging users to avoid it while confirming mobile apps remain safe. The incident underscores the vulnerabilities of web interfaces in DeFi. More updates will follow.
LiveBTCNews8h ago
Phantom wallet crashes hard! During the airdrop period, token prices get mixed up, balances go to zero—users blast it for “making people lose money”
Phantom wallet in Solana’s ecosystem experienced a service outage during the airdrop period, causing abnormal token prices and account balances to be displayed, which affected users’ transactions. Some users suffered losses as a result and are demanding compensation. Security experts warned of phishing attack risks and advised users to verify on-chain data. Although the issue has been resolved, the trust crisis still needs to be monitored. This incident highlights the challenges self-custody wallets face in terms of system stability and user experience.
区块客10h ago
