Buy Crypto
Pay with
USD
USD
Buy & Sell
Hot
Supports Visa, MasterCard, SEPA & more
P2P
0 Fees
Flexible trading, zero fees
Gate Card
Use your crypto for payments worldwide
Markets
Trade
Basic
Advanced
Futures
Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Earn
Launch
CandyDrop
tag
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Investment
Square
Square
Post, share, and explore crypto trends
Live
moments live
Live crypto market analysis
Chat
Chat with crypto traders
News
What is happening in crypto
flower_head
More
Promotions
AI
Diğerleri
TradFi
Rewards

Publicly Traded Blockchain Lender Figure Confirms Customer Data Breach

Decrypt
Security Incidents

In brief

  • Figure confirmed a data breach, saying that an employee was tricked in a social engineering attack.
  • Stolen files allegedly include names, addresses, dates of birth, and phone numbers, per a report.
  • The publicly traded lender says it is offering free credit monitoring to affected individuals.

Figure Technology confirmed Friday that it suffered a customer data breach after an employee was targeted in a social engineering attack. The hacking group ShinyHunters claimed responsibility, saying Figure refused to pay a ransom and that it published 2.5 gigabytes of stolen data. TechCrunch, which first reported on the breach, said that it reviewed some of the files, which included customers’ full names, home addresses, dates of birth, and phone numbers. “We recently identified that an employee was socially engineered, and that allowed an actor to download a limited number of files through their account,” Figure said in a statement shared with Decrypt. “We acted quickly to block the activity and retained a forensic firm to investigate what files were affected.” 

Social engineering refers to when attackers manipulate employees through deceptive emails, calls, or messages to gain access to corporate systems, often by tricking them into sharing credentials or approving unauthorized requests. A January report by Chainalysis said that over $17 billion in crypto was stolen last year through AI-powered impersonation scams. Data breaches remained widespread in 2025, with regulators logging more than 8,000 notification filings tied to over 4,000 separate incidents affecting at least 374 million people, according to a December 2025 report by the Privacy Rights Clearinghouse. Founded in 2018, Figure is a New York–based lender that runs its loan platform on the Provenance blockchain, focusing on home equity lines of credit. Figure went public in September 2025 under the ticker FIGR, raising $787.5 million in an IPO that valued it at about $5.3 billion.

While the spokesperson declined to go into further detail, a member of ShinyHunters reportedly told TechCrunch the breach was part of a broader campaign targeting companies that rely on single sign-on provider Okta. Other alleged victims included Harvard University and the University of Pennsylvania. Figure said it is communicating with partners and impacted parties, as well as implementing additional safeguards. “We are offering complimentary credit monitoring to all individuals who receive a notice,” the company said. “We continuously monitor accounts and have strong safeguards in place to protect customers’ funds and accounts.” The news of the data breach comes as Figure announced Friday the launch of a proposed secondary public offering of up to 4,230,000 shares of its Series A Blockchain Common Stock, with plans to repurchase up to $30 million of Class A shares from underwriters. Figure’s stock finished the day up 3.57% at a price of $35.29, though it has fallen 37% over the last month.

Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to Disclaimer.

Related Articles

DeFi Protocol Moonwell Faces $1M Threat After Cheap Token Buy

Project ProgressSecurity Incidents

_Moonwell faces $1M risk after attacker buys cheap tokens and submits malicious vote proposal to gain control of DeFi lending protocol contracts._ A decentralized finance platform called Moonwell is facing a serious security threat after a very cheap attack. The incident was a surprise to the

LiveBTCNews4h ago

Resolv: Strongly recommend not to trade or acquire USR at this time.

Daily Crypto NewsSecurity Incidents

Resolv Labs strongly advises against trading or acquiring USR, as illegally minted USR has been mixed with legitimate USR, posing trading risks. An recovery plan for affected holders is currently under evaluation, but the effectiveness of any remedial measures cannot be guaranteed. Continuing to trade may complicate the asset recovery process.

BlockBeatNews9h ago

A CEX platform requires users to input their plaintext seed phrase on a specific page.

Security IncidentsExchange Risk

Gate News reports that on March 26, Co-founder Yu Xian of SlowMist stated that a certain CEX has taken down the page that required users to input their plaintext seed phrases. He pointed out that the security model for online web pages is very weak, much lower than that of extensions and apps; collecting plaintext seed phrases through online web pages is easy for phishing sites to imitate and has long been a common phishing tactic.

GateNews9h ago

Moonwell suffers governance attack; attacker attempts to control over $1 million in funds with $1,800.

Security Incidents

DeFi lending protocol Moonwell has experienced a governance attack. The attacker purchased approximately 40 million MFAM tokens for $1,800 and attempted to transfer admin rights of core contracts such as the lending market through a proposal to extract user funds. Voting is currently underway, with opposition votes leading, but the outcome has not yet been decided.

BlockBeatNews10h ago

Moonwell suffers governance attack, with attackers spending $1,800 to push malicious proposals, risking $1.08 million in funds.

Security Incidents

On March 26, DeFi lending protocol Moonwell was subjected to a governance attack. The attacker used about $1,800 to purchase 40 million MFAM tokens and pushed a malicious proposal, putting over $1 million of user funds at risk. The proposal transferred control to the attacker's contract, affecting multiple lending markets.

GateNews10h ago

U.S. Indicts Chinese Firms in Fentanyl Case Involving Crypto Payment Networks

GeopoliticsEnforcement ActionsSecurity IncidentsOn-Chain Data

U.S. prosecutors have indicted Chinese companies and nationals for supplying fentanyl precursors and facilitating payments via cryptocurrency. The case, linked to global networks and targeting international smuggling, highlights the role of stablecoin flows in the drug trade.

LiveBTCNews11h ago
Comment
0/400
No comments