Haciyev Reşit 
Figure Technology, a company operating in the cryptocurrency and blockchain-based finance sector, has officially disclosed that it experienced a data breach. The company stated that the incident did not result from a technical system vulnerability, but rather from a social engineering attack in which an employee was deceived. Through this method, the attackers gained access to certain internal company files and obtained a limited amount of data. Authorities announced that an internal investigation was launched immediately after the breach was detected and that additional security measures have been implemented. However, the company has not yet provided clear details regarding the scope of the breach, how many users were affected, or which categories of data were compromised. This lack of clarity has once again raised concerns about data security within the crypto industry.
How Did the Figure Technology Data Breach Occur?
Figure Technology, a blockchain-based lending company, explained that attackers manipulated an employee through social engineering tactics to gain access to company systems. Following the unauthorized access, it was confirmed that certain user data had been compromised. The company stated that internal security protocols were reviewed and relevant teams were activated in response to the incident.
In a statement to TechCrunch, Figure spokesperson Alethea Jadick said:
“A limited number of files were accessed by unauthorized individuals. We are in contact with affected individuals and institutions, and we will offer free credit monitoring services to all notified users.”
The company also announced that additional protective measures have been implemented to strengthen user security and that the situation is being closely monitored. However, no detailed information has been disclosed regarding the number of affected individuals, the specific data categories leaked, or the financial impact of the incident.
Sensitive Data Allegedly Exposed
According to TechCrunch’s review of the leaked dataset, the compromised information reportedly includes:
- Full name
- Home address
- Date of birth
- Phone number
The exposure of such sensitive personal data significantly increases the risk of identity theft and financial fraud.
ShinyHunters Claims Responsibility
The cyberattack was claimed by the ShinyHunters hacker group, which has previously been linked to several high-profile data breaches. In a message posted on a dark web leak platform, the group alleged that Figure refused to pay a ransom and that they subsequently released approximately 2.5GB of data publicly. The leaked dataset is said to contain user information.
One member of the group further claimed that the attack was not an isolated incident, but part of a broader campaign targeting organizations that use Okta’s single sign-on (SSO) services. This allegation suggests the breach may not be limited to Figure alone. The same campaign reportedly targeted prestigious institutions such as Harvard University and the University of Pennsylvania (UPenn). These claims indicate that the cyber threat may extend beyond the crypto sector and that corporate identity authentication infrastructures could be facing significant security risks.
Cybersecurity Alert Across the Crypto Sector
The Figure Technology data breach once again highlights the growing cybersecurity risks within the cryptocurrency and blockchain industry. Social engineering attacks can create vulnerabilities even in companies with strong technical infrastructures. For users, enabling two-factor authentication (2FA), monitoring suspicious activity, and taking extra precautions to safeguard personal data remain critically important.
You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.