Hackers have stolen personal and contact information belonging to nearly one million users after breaching the systems of Figure Technology Solutions, a blockchain-focused financial technology company founded in 2018.
The company uses the Provenance blockchain for lending, borrowing, and securities trading, and says it has unlocked more than $22 billion in home equity through partnerships with over 250 financial institutions.
Although Figure did not publicly announce the breach, a company spokesperson confirmed that attackers accessed “a limited number of files” through a social engineering attack. According to data breach tracking service Have I Been Pwned, information from approximately 967,200 accounts was exposed. The leaked data reportedly includes names, email addresses, phone numbers, physical addresses, and dates of birth dating back to January 2026.
The cybercrime group ShinyHunters claimed responsibility for the attack and listed Figure on its dark web leak site, allegedly publishing 2.5GB of stolen data. ShinyHunters has recently claimed other high-profile breaches, including incidents affecting Match Group, which owns platforms like Tinder and Hinge.
Investigations suggest that some of these breaches are linked to a broader voice phishing (vishing) campaign. In these attacks, hackers impersonate IT support staff and trick employees into revealing login credentials and multi-factor authentication codes on fake login portals. Once attackers gain access to single sign-on (SSO) accounts, they can move laterally into connected enterprise systems such as Microsoft 365, Google Workspace, Salesforce, Slack, and other business tools.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
