A cunning social engineering scheme has compromised the systems of Figure Technology, a blockchain-based lending firm that went public last year. According to a company spokesperson, the incident resulted in the theft of a ‘limited number of files’ containing sensitive customer data.
The attack was carried out by the notorious hacking collective ShinyHunters, who claimed responsibility on its dark-web leak site. The group published roughly 2.5 gigabytes of stolen data, including customers’ full names, home addresses, dates of birth, and phone numbers.
This type of information is highly valuable to cybercriminals, who can use it to carry out identity fraud and phishing attempts. In fact, crypto phishing attacks have been a persistent threat to the industry, with total losses reaching $494 million in 2024. However, according to Web3 security firm Scam Sniffer, losses dropped sharply to $83.85 million in 2025, an 83% decline.
Despite this decline, researchers warn that phishing attacks have not disappeared. In fact, losses tend to track market activity, rising during periods of heavy on-chain trading and easing when markets cool. The third quarter of 2025, during Ethereum’s strongest rally, recorded the highest losses at $31 million.
Figure Technology has begun notifying affected parties and is offering free credit-monitoring services to anyone who receives a breach notice. The company’s systems were compromised after an employee fell victim to a social engineering scheme, highlighting the need for robust security measures and employee training.
The incident comes just months after Figure Technology launched its On-Chain Public Equity Network (OPEN), a platform that allows companies to issue real shares and enables investors to lend or pledge those shares directly to one another without traditional brokers, custodians, or exchanges.
This breach serves as a stark reminder of the importance of cybersecurity in the blockchain industry. As the industry continues to grow and evolve, companies must prioritize security and take proactive measures to protect themselves and their customers from these types of threats.
About the Author
