Blockchain-based lender Figure Technologies confirmed a data breach after an employee was tricked in a social engineering attack. The hacking group ShinyHunters claimed responsibility, stating it released 2.5 gigabytes of stolen files containing customer names, addresses, dates of birth, and phone numbers after the company refused a ransom. Figure is offering free credit monitoring and stated it has strong safeguards to protect customer funds and accounts.
Figure Technology confirmed it suffered a customer data breach after an employee was targeted in a social engineering attack. The company said it acted quickly to block the activity and retained a forensic firm to investigate the affected files.
The hacking group ShinyHunters claimed responsibility for the breach. A reported review of the stolen 2.5 gigabytes of data found it included customers’ full names, home addresses, dates of birth, and phone numbers.
Social engineering refers to attackers manipulating employees through deceptive communications to gain access to corporate systems. A January report by Chainalysis stated that over $17 billion in crypto was stolen last year through AI-powered impersonation scams.
Figure said in a statement, “We are offering complimentary credit monitoring to all individuals who receive a notice.” The company added that it continuously monitors accounts and has strong safeguards in place to protect customers.
Founded in 2018, Figure is a lender that runs its loan platform on the Provenance blockchain. The company went public in September 2025, raising $787.5 million in an IPO that valued it at about $5.3 billion.
The breach occurred as Figure announced a proposed secondary public offering of its blockchain-native stock. Figure’s stock finished the day up 3.57% at $35.29, though it has fallen 37% over the last month.
