Short Description: Blockchain lending giant Figure Technologies confirms a data breach after a social-engineering attack. Hackers leak customer data, highlighting persistent security risks in fintech.
Read Time: 3 minutes, 15 seconds
Main Article:
Figure Technologies, a prominent blockchain-based lending firm, has confirmed a significant data breach stemming from a sophisticated social-engineering attack on an employee. The incident allowed hackers to access and subsequently leak approximately 2.5 gigabytes of sensitive customer information. The hacking collective ShinyHunters, which claimed responsibility, published data including customers’ full names, home addresses, dates of birth, and phone numbers on the dark web after alleging the company refused to pay a ransom. This type of personally identifiable information (PII) is a prime target for identity fraud and highly targeted phishing attempts, putting affected customers at serious risk.
While Figure stated that only a “limited number of files” were taken and is offering free credit-monitoring services, the breach underscores a critical vulnerability in the fintech sector: the human element. Despite advanced blockchain security for transactions, a single manipulated employee can become a gateway for attackers. This event is particularly sensitive for Figure, which recently went public on the Nasdaq and launched its On-Chain Public Equity Network (OPEN), initiatives aimed at building trust in its innovative, blockchain-powered financial ecosystem.
The Figure breach occurs amid a complex crypto security landscape. While recent data from firms like Scam Sniffer shows a sharp decline in losses from crypto-specific phishing attacks linked to wallet drainers in 2025, this incident is a stark reminder that threats have evolved. Cybercriminals are pivoting from purely technical exploits to hybrid methods that combine social engineering with traditional data theft. For customers and investors, this highlights that security is a holistic concern, extending beyond smart contract audits to encompass employee training, data handling protocols, and ransomware defense strategies.
Short Summary: Figure Technologies faces a serious data breach after hackers used social engineering to steal customer PII, which was later leaked. The incident highlights that even blockchain-focused fintech firms are vulnerable to human-targeted attacks, shifting the threat landscape. It serves as a critical reminder for companies to bolster employee training and data security alongside technological safeguards.
