In brief
- Figure confirmed a data breach, saying that an employee was tricked in a social engineering attack.
- Stolen files allegedly include names, addresses, dates of birth, and phone numbers, per a report.
- The publicly traded lender says it is offering free credit monitoring to affected individuals.
Figure Technology confirmed Friday that it suffered a customer data breach after an employee was targeted in a social engineering attack.
The hacking group ShinyHunters claimed responsibility, saying Figure refused to pay a ransom and that it published 2.5 gigabytes of stolen data. TechCrunch, which first reported on the breach, said that it reviewed some of the files, which included customers’ full names, home addresses, dates of birth, and phone numbers.
“We recently identified that an employee was socially engineered, and that allowed an actor to download a limited number of files through their account,” Figure said in a statement shared with Decrypt. “We acted quickly to block the activity and retained a forensic firm to investigate what files were affected.”
Social engineering refers to when attackers manipulate employees through deceptive emails, calls, or messages to gain access to corporate systems, often by tricking them into sharing credentials or approving unauthorized requests.
A January report by Chainalysis said that over $17 billion in crypto was stolen last year through AI-powered impersonation scams.
Data breaches remained widespread in 2025, with regulators logging more than 8,000 notification filings tied to over 4,000 separate incidents affecting at least 374 million people, according to a December 2025 report by the Privacy Rights Clearinghouse.
Founded in 2018, Figure is a New York–based lender that runs its loan platform on the Provenance blockchain, focusing on home equity lines of credit. Figure went public in September 2025 under the ticker FIGR, raising $787.5 million in an IPO that valued it at about $5.3 billion.
While the spokesperson declined to go into further detail, a member of ShinyHunters reportedly told TechCrunch the breach was part of a broader campaign targeting companies that rely on single sign-on provider Okta. Other alleged victims included Harvard University and the University of Pennsylvania.
Figure said it is communicating with partners and impacted parties, as well as implementing additional safeguards.
“We are offering complimentary credit monitoring to all individuals who receive a notice,” the company said. “We continuously monitor accounts and have strong safeguards in place to protect customers’ funds and accounts.”
The news of the data breach comes as Figure announced Friday the launch of a proposed secondary public offering of up to 4,230,000 shares of its Series A Blockchain Common Stock, with plans to repurchase up to $30 million of Class A shares from underwriters.
Figure’s stock finished the day up 3.57% at a price of $35.29, though it has fallen 37% over the last month.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Shiba Inu: Alert Issued as SHIB Participant Social Media Account Gets Hacked - U.Today
Ragnarshib warns the Shiba Inu community about a hacked account belonging to Vet Kusama, currently used by scammers to send fraudulent messages. Users are advised not to interact with the account or its links until it is recovered.
UToday1h ago
IoTeX Releases ioTube Security Incident Report: Actual Losses Approximately $4.4 Million, Pledges Full Compensation to Affected Users
IoTeX reports that the ioTube cross-chain bridge incident on March 6 resulted in approximately $4.4 million in losses. 99.5% of the stolen assets have been frozen, and the team has committed to fully compensate affected users. The mainnet has resumed operation, and the attacker’s address has been blacklisted. Meanwhile, efforts are underway to promote decentralized governance and security audits.
GateNews4h ago
Prince Group is laundering 10.7 billion NT dollars in Taiwan! Developing their own "OJBK Wallet" to connect with underground currency exchanges.
Taipei District Prosecutors Office is investigating the Cambodia "Prince Group" money laundering case, indicting 62 individuals and 13 companies. The involved amount of money laundering is 10.7 billion, and assets worth 5.5 billion have been seized. The group used USDT and their self-developed "OJBK Wallet" to conduct cross-border money laundering, conceal criminal proceeds, and withdraw cash in multiple countries.
区块客6h ago
HypurrFi reveals that early versions of Aave V3 had a rounding error vulnerability, and the addition of new lending markets for XAUT0 and UBTC has been suspended.
HyperEVM's custodial lending protocol HypurrFi disclosed that previous versions of Aave V3 had a "rounding error" vulnerability, allowing attackers to extract underlying tokens. HypurrFi guarantees the safety of user funds, has paused supply and borrowing operations in affected markets, and is working with relevant parties to address security issues.
GateNews7h ago
AI agents bypass Cloudflare protection, encrypting DeFi front-end security faces further tests
Recently, the autonomous AI agent OpenClaw successfully bypassed Cloudflare defenses using the Scrapling library, raising concerns about DeFi security. Although the tool can legally scrape content, the potential risks remind developers to establish multiple layers of defense and avoid over-reliance on traditional protection measures.
GateNews8h ago
MONTRA token team "ran away," causing the market cap to instantly evaporate by 80%, blamed on Iran's conscription.
Cryptocurrency project Montra Finance has suspended its project after the development team was conscripted by Iran, leading to an 80% plunge in the token's market value. The lack of official information has raised investor doubts, with some believing this is a "exit scam." The incident highlights the impact of geopolitics on the crypto market, and investors should remain cautious of opaque projects.
GateNews8h ago
