Figure probes customer data breach as hackers leak files, adding to rising crypto fraud and identity crime concerns.
Figure Technology, a blockchain-based lending company, has confirmed a data breach following a social engineering attack. Hackers gained access after tricking an employee and stole a limited number of files. Company representatives say outreach to affected parties is underway.
Figure Investigates Data Leak as Hackers Release Stolen Files Online
Figure spokesperson Alethea Jadick said attackers obtained “a limited number of files” after deceiving an employee. The company is contacting partners and anyone who may be affected and offering free credit monitoring to those who receive a notice.
Notably, lending records contain sensitive personal details, including names, home addresses, dates of birth, Social Security numbers, income documents, and bank details. Even a portion of this data can be enough for identity theft, financial fraud, or targeted scams. However, Figure has not yet specified which types of information may have been exposed.
Cybercrime group ShinyHunters claimed it was behind the attack and posted stolen data on its dark web site. The group said Figure refused to pay a ransom and therefore released about 2.5 gigabytes of data online. TechCrunch reviewed part of the leak, which included customer names, home addresses, dates of birth, and phone numbers.
A member of ShinyHunters said the campaign focused on companies using Okta, a service that manages login access. Reported victims also include Harvard University and the University of Pennsylvania.
ShinyHunters uses a method called “double extortion.” First, hackers break in and copy private data. Then they demand money and threaten to publish that data if they are not paid. Security researchers say attackers exploit weak passwords, third-party services, or poorly secured online storage systems.
Data Breaches Impact Millions as Financial Sector Faces Rising Threats
Financial companies are frequent targets of data theft and extortion because they store sensitive personal data. Information such as names, addresses, and ID numbers can be sold or used for fraudulent purposes.
A Chainalysis report found that criminals stole more than $17 billion in crypto last year. Many of those thefts involved scammers impersonating trusted individuals or companies. According to the report, criminals sometimes use artificial intelligence to make their messages appear authentic.
Cyberattacks remained widespread in 2025, with reports showing that large-scale data breaches continued to affect millions of people. Privacy Rights Clearinghouse reports show that regulators received more than 8,000 breach notifications.
Those filings were linked to over 4,000 separate hacking incidents. In total, at least 374 million people had some of their personal information exposed.
Moreover, Figure recently revealed plans to sell up to 4,230,000 additional shares to investors. Companies often sell shares to raise money for operations or future growth. Figure also stated it may buy back up to $30 million worth of another class of its stock from the financial firms managing the sale.
At the time of writing, Figure’s stock price rose 3.57% on Friday, closing at $35.29. Even with that daily gain, shares are still down 37% over the past month, indicating a sharp decline in value.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Claude code leak sparks an LLM crisis, hackers have stolen researchers’ ETH
Security research reveals that in the LLM agent ecosystem, over 20% of free API routers actively inject malicious code, leading to asset theft and credential crises. In addition, the Claude code-leak incident has enabled attackers to spread malware by exploiting developers’ curiosity. The research team proposes a three-layer defense mechanism to address supply-chain security risks.
MarketWhisper25m ago
Solayer founder issues a warning: AI agent routers face malicious injection risks, and ETH is being stolen
Solayer’s founder exposes a security vulnerability in large language model (LLM) routers; in 428 routers, more than 20% exhibit malicious behavior, such as private keys being stolen. The research recommends that developers implement a separate end-to-end integrity verification mechanism on the client side and provides three defense options to mitigate supply-chain attacks.
MarketWhisper44m ago
The U.S. Department of the Treasury expands financial-grade cybersecurity intelligence to the crypto industry, and digital asset companies are receiving, for the first time, treatment on par with traditional finance.
The U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection announced that it will expand free cyber threat intelligence to eligible digital asset companies—marking the first time the cryptocurrency industry has been included in the country’s national financial cybersecurity information-sharing framework. This initiative is intended to help digital asset companies respond to cyber threats more effectively and to align with relevant policy recommendations to strengthen the resilience and security of the financial system.
ChainNewsAbmedia1h ago
Solayer’s founder releases research on LLM supply chain security; more than 2% of free routers have been exposed as having been maliciously injected
Solayer’s founder reveals safety risks of large language models, pointing out that LLM agents relying on third-party API routers face a risk of being attacked by malicious code. Testing shows that multiple routers have security vulnerabilities, and can even leak sensitive credentials. In addition, research demonstrates feasible attack methods and defense measures.
GateNews1h ago
France Passes Custodial Wallet Declaration Law, Tax Authorities Warn of Potential Hacker Attacks
The French National Assembly has passed a rule requiring mandatory reporting of crypto assets held in self-custody wallets above 5,000 euros, applicable to multiple mainstream wallets. The DGFIP opposes this, arguing that enforcement will be difficult and that data centralization will increase user risk. Experts say the law may be hard to implement and urge users to closely monitor subsequent developments.
MarketWhisper1h ago
