Figure Tech Data Breach Leaks Customer Personal Data

Figure Technology Experiences Major Data Breach

Figure Technology, a prominent firm specializing in blockchain-based lending solutions, has fallen victim to a significant data breach. The cyber incident stemmed from a sophisticated social-engineering attack that targeted one of the company's employees, ultimately leading to the unauthorized access and exposure of sensitive customer information.

According to statements provided by a company spokesperson to TechCrunch, the attackers managed to acquire a restricted set of files containing personal details. In response to the breach, Figure Technology has promptly initiated the process of notifying all individuals whose data may have been compromised. Additionally, the firm is extending complimentary credit-monitoring services to those who receive official breach notifications, aiming to mitigate potential risks such as identity theft.

At this stage, the company has chosen not to reveal comprehensive specifics regarding the full extent of the breach. This includes the exact number of impacted users or the precise timeline of when the intrusion was first identified. Efforts by Cointelegraph to obtain further commentary directly from Figure Technology had not yielded a response at the time of this article's publication.

ShinyHunters displays the pilfered data on their platform. Source: Independent verification.

ShinyHunters Claims Responsibility for the Hack

The notorious hacking group known as ShinyHunters has publicly taken credit for the breach via their dedicated leak site on the dark web. They assert that Figure Technology rebuffed their demands for a ransom payment, prompting the group to release approximately 2.5 gigabytes of allegedly stolen data extracted from the company's internal systems. This move underscores the escalating tensions between cybercriminals and targeted organizations unwilling to negotiate.

Leaked Information Poses Serious Privacy Risks

An examination of sample data from the leak, as conducted by TechCrunch, revealed highly sensitive personal details belonging to Figure's customers. The exposed records encompass full names, residential addresses, birth dates, and contact phone numbers. Such information represents a goldmine for malicious actors, who could exploit it to perpetrate identity fraud, sophisticated phishing schemes, or other forms of cyber exploitation.

In the broader context of cybersecurity threats within the cryptocurrency and fintech sectors, phishing remains a persistent danger despite some positive trends. As previously covered by Cointelegraph, incidents of crypto phishing attacks associated with wallet drainers experienced a dramatic downturn in 2025. Total financial losses plummeted to $83.85 million, marking an impressive 83% reduction compared to the nearly $494 million recorded in 2024, based on data from Web3 security experts at Scam Sniffer.

The decline extended to the victim count as well, which dropped to around 106,000 individuals—a 68% decrease year-over-year across various Ethereum Virtual Machine-compatible chains. However, cybersecurity researchers caution that this reduction does not signal the end of phishing threats. Instead, loss patterns have mirrored fluctuations in market activity, with spikes occurring amid surges in on-chain trading volumes and dips during quieter market periods.

For instance, the third quarter of 2025 witnessed the peak losses at $31 million, coinciding with Ethereum's most robust price rally of the year. Monthly figures varied significantly, ranging from a low of $2.04 million in December to a high of $12.17 million in August, illustrating the opportunistic nature of these attacks tied to investor enthusiasm and trading fervor.

Figure Technology's Recent Milestones and Innovations

Figure Technology marked a pivotal moment in its growth trajectory by going public in September of the previous year. The company successfully listed its shares on the Nasdaq Stock Exchange through an initial public offering priced at $25 per share. This IPO generated $787.5 million in proceeds, establishing an initial market valuation between $5.3 billion and $7.6 billion, reflecting strong investor confidence in its blockchain-driven lending model.

Building on this momentum, Figure Technology introduced a groundbreaking initiative last month: the On-Chain Public Equity Network, commonly referred to as OPEN. This innovative platform operates on the company's proprietary Provenance blockchain, enabling businesses to issue genuine equity shares in a fully digital format. Investors can then engage directly by lending or collateralizing these shares peer-to-peer, bypassing conventional intermediaries such as brokers, custodians, or centralized exchanges.

This development positions Figure at the forefront of tokenizing traditional financial assets, potentially revolutionizing how public equities are traded, managed, and leveraged in a decentralized environment. By leveraging blockchain technology, OPEN promises enhanced efficiency, transparency, and accessibility for both issuers and participants in the equity markets.

The timing of the data breach amid these advancements highlights the dual-edged nature of fintech innovation—offering transformative opportunities while simultaneously exposing firms to novel cybersecurity vulnerabilities. As the industry continues to integrate blockchain with legacy finance, robust defense mechanisms against social-engineering tactics and data exfiltration will be paramount to sustaining trust and growth.