Social Engineering Breaches Hit Figure Technology and Step Finance

  • Figure Tech breached after an employee fell for a scam; ShinyHunters leaked 2.5GB of sensitive data.

  • Step Finance lost $29M in SOL after hackers accessed treasury wallets; the cause remains unclear.

  • Social engineering and AI scams are rising, threatening both tech firms and crypto platforms alike.

A growing wave of cyberattacks has shaken the tech and crypto sectors, highlighting the risks of human-targeted exploits. Recently, Figure Technology disclosed a breach after an employee fell for a social engineering scam, allowing hackers to access a few files.

The company confirmed that it had notified the affected partners and provided them with free credit monitoring services. Reporters noted that a Figure spokesperson did not respond to several specific questions regarding the breach. The black-hat hacking group ShinyHunters took responsibility for the breach on its dark web platform, claiming that the company failed to satisfy its demands, which led to the leak of 2.5 GB of data.

In addition, Figure explained, “We also recently discovered that an individual was tricked into handing over their login credentials, which allowed a user to download a few files using their account. We immediately acted to put a stop to it and retained a forensic firm to help determine which files were compromised.” The incident was thus determined to be a social engineering attack, which relies on psychological manipulation to obtain unauthorized access.

Recently, Chainalysis reported that scammers have managed to steal a staggering $17 billion in cryptocurrency within the last year using AI to enhance impersonation and social engineering attacks. This is in line with the industry concern that arose after a report by Privacy Rights Clearinghouse in December 2025, which indicated that regulators have filed over 8,000 filings that affect at least 374 million people.

Broader Implications for Tech and Crypto

Anonymous sources revealed that Figure’s breach might be part of a larger campaign targeting companies using Okta’s single sign-on service. Other alleged victims include the University of Pennsylvania and Harvard University.

Meanwhile, Step Finance, a major DeFi platform on Solana, confirmed a breach affecting several treasury and fee wallets. Onchain data shows hackers unstaked about 261,854 SOL, moving funds to unknown addresses. At a price of $110 per SOL, these transfers total nearly $29 million.

Step Finance posted on X, “We experienced a security breach in some of our treasury wallets a few hours ago, and we are currently looking into it… We will share more details later.” However, the company did not specify the breach’s root cause, sparking speculation over smart contract flaws or access control issues.

Consequently, the community questioned whether user funds outside treasury wallets faced risk. Despite repeated media inquiries, Step Finance declined to provide further comment.
