In brief
- Figure confirmed a data breach, saying that an employee was tricked in a social engineering attack.
- Stolen files allegedly include names, addresses, dates of birth, and phone numbers, per a report.
- The publicly traded lender says it is offering free credit monitoring to affected individuals.
Figure Technology confirmed Friday that it suffered a customer data breach after an employee was targeted in a social engineering attack.
The hacking group ShinyHunters claimed responsibility, saying Figure refused to pay a ransom and that it published 2.5 gigabytes of stolen data. TechCrunch, which first reported on the breach, said that it reviewed some of the files, which included customers’ full names, home addresses, dates of birth, and phone numbers.
“We recently identified that an employee was socially engineered, and that allowed an actor to download a limited number of files through their account,” Figure said in a statement shared with Decrypt. “We acted quickly to block the activity and retained a forensic firm to investigate what files were affected.”
Social engineering refers to when attackers manipulate employees through deceptive emails, calls, or messages to gain access to corporate systems, often by tricking them into sharing credentials or approving unauthorized requests.
A January report by Chainalysis said that over $17 billion in crypto was stolen last year through AI-powered impersonation scams.
Data breaches remained widespread in 2025, with regulators logging more than 8,000 notification filings tied to over 4,000 separate incidents affecting at least 374 million people, according to a December 2025 report by the Privacy Rights Clearinghouse.
Founded in 2018, Figure is a New York–based lender that runs its loan platform on the Provenance blockchain, focusing on home equity lines of credit. Figure went public in September 2025 under the ticker FIGR, raising $787.5 million in an IPO that valued it at about $5.3 billion.
While the spokesperson declined to go into further detail, a member of ShinyHunters reportedly told TechCrunch the breach was part of a broader campaign targeting companies that rely on single sign-on provider Okta. Other alleged victims included Harvard University and the University of Pennsylvania.
Figure said it is communicating with partners and impacted parties, as well as implementing additional safeguards.
“We are offering complimentary credit monitoring to all individuals who receive a notice,” the company said. “We continuously monitor accounts and have strong safeguards in place to protect customers’ funds and accounts.”
The news of the data breach comes as Figure announced Friday the launch of a proposed secondary public offering of up to 4,230,000 shares of its Series A Blockchain Common Stock, with plans to repurchase up to $30 million of Class A shares from underwriters.
Figure’s stock finished the day up 3.57% at a price of $35.29, though it has fallen 37% over the last month.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Bitcoin Depot Discloses $3.6M BTC Theft After Hack on Settlement Accounts
Bitcoin Depot reported a security breach where hackers stole 50.9 BTC, worth approximately $3.6 million, by compromising internal settlement account credentials. This incident highlights vulnerabilities in crypto companies' operational infrastructure, emphasizing the need for enhanced security measures.
CryptoNewsFlash2h ago
Aethir Successfully Thwarts an ATH Token Cross-Chain Bridge Attack, with User Losses Below $90k
Aethir issued a security advisory on April 10, confirming that it successfully blocked a malicious attack on the ATH token cross-chain bridge contract, with losses under $90k. All affected contracts have been disconnected, and the core circulating supply remains intact. Aethir will work with trading platforms and law enforcement agencies to support the freezing of funds and the identification and tracking of the attacker, and it will publish investigation updates and a compensation plan in its Discord community.
GateNews3h ago
Claude code leak sparks an LLM crisis, hackers have stolen researchers’ ETH
Security research reveals that in the LLM agent ecosystem, over 20% of free API routers actively inject malicious code, leading to asset theft and credential crises. In addition, the Claude code-leak incident has enabled attackers to spread malware by exploiting developers’ curiosity. The research team proposes a three-layer defense mechanism to address supply-chain security risks.
MarketWhisper4h ago
Solayer founder issues a warning: AI agent routers face malicious injection risks, and ETH is being stolen
Solayer’s founder exposes a security vulnerability in large language model (LLM) routers; in 428 routers, more than 20% exhibit malicious behavior, such as private keys being stolen. The research recommends that developers implement a separate end-to-end integrity verification mechanism on the client side and provides three defense options to mitigate supply-chain attacks.
MarketWhisper4h ago
The U.S. Department of the Treasury expands financial-grade cybersecurity intelligence to the crypto industry, and digital asset companies are receiving, for the first time, treatment on par with traditional finance.
The U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection announced that it will expand free cyber threat intelligence to eligible digital asset companies—marking the first time the cryptocurrency industry has been included in the country’s national financial cybersecurity information-sharing framework. This initiative is intended to help digital asset companies respond to cyber threats more effectively and to align with relevant policy recommendations to strengthen the resilience and security of the financial system.
ChainNewsAbmedia4h ago
Solayer’s founder releases research on LLM supply chain security; more than 2% of free routers have been exposed as having been maliciously injected
Solayer’s founder reveals safety risks of large language models, pointing out that LLM agents relying on third-party API routers face a risk of being attacked by malicious code. Testing shows that multiple routers have security vulnerabilities, and can even leak sensitive credentials. In addition, research demonstrates feasible attack methods and defense measures.
GateNews5h ago
