Figure Technology, the publicly traded blockchain lender, confirmed on Friday that it suffered a customer data breach after an employee fell victim to a social engineering attack. The New York-based company, which went public in September 2025 under the ticker FIGR, disclosed the incident and said it is offering free credit monitoring to affected individuals.
Hacking group ShinyHunters claimed responsibility for the breach, alleging that Figure refused to pay ransom and that it published 2.5 gigabytes of stolen data.
TechCrunch, which first reported on the breach, reviewed some of the stolen files and confirmed they contained customers’ full names, home addresses, dates of birth, and phone numbers.
“We recently identified that an employee was socially engineered, and that allowed an actor to download a limited number of files through their account,” Figure said in a statement. “We acted quickly to block the activity and retained a forensic firm to investigate what files were affected.”
Social engineering is a tactic where attackers manipulate employees through deceptive emails, calls, or messages to gain access to corporate systems. Attackers typically trick workers into sharing credentials or approving unauthorized requests. In Figure’s case, the compromised employee account provided access to customer files.
ShinyHunters reportedly told TechCrunch that the breach was part of a campaign targeting companies that rely on Okta, a widely used single sign-on provider. Other alleged victims of this same campaign included Harvard University and the University of Pennsylvania.
A January report by Chainalysis found that over $17 billion in cryptocurrency was stolen in 2024 through AI-powered impersonation scams since AI technologies went mainstream
Figure said it is communicating with partners and impacted parties while implementing additional safeguards. The company plans to offer complimentary credit monitoring to all individuals who receive a breach notification notice.
“We continuously monitor accounts and have strong safeguards in place to protect customers’ funds and accounts,” the company said in its statement. The blockchain lender did not disclose the total number of affected customers or provide additional details about the scope of the breach.
The Figure breach is far from isolated. A December 2025 report by the Privacy Rights Clearinghouse found that regulators logged more than 8,000 notification filings tied to over 4,000 separate incidents in 2025 alone, affecting at least 374 million people globally.
For Figure specifically, the breach comes as the company announced a proposed secondary public offering of up to 4.23 million shares of its Series A Blockchain Common Stock, along with plans to repurchase up to $30 million of Class A shares from underwriters.
See also: FTC Forces Nomad Bridge Operator to Repay $186M After Hack Exposed Security Failures
Figure runs its loan platform on the Provenance blockchain, focusing primarily on home equity lines of credit. The company went public in September 2025, raising $787.5 million in an IPO that valued it at approximately $5.3 billion. Founded in 2018, Figure has positioned itself as a blockchain-native lending alternative in the traditional finance space.
On Friday, Figure’s stock closed up 3.57% at $35.29 per share. However, the stock has fallen 37% over the previous month, even before the attack.
If you’re reading this, you’re already ahead. Stay there, by joining the…
Dipprofit’s private Telegram community
Discover more from Dipprofit
Subscribe to get the latest posts sent to your email.
