
Explained: The Figure Technology Breach (February 2026)

POSTED BY: Rob Behnke

02.19.2026

In February 2026, Figure Technology Solutions was the victim of a data breach attributed to the ShinyHunters advanced persistent threat (APT) group. The attackers stole an estimated 2.5 GB of sensitive data from the company’s systems.

Inside the Breach

Figure Technology is a financial technology company headquartered in the U.S. It operates on-chain lending and capital markets platforms to support various types of consumer and institutional credit, such as HELOCs, DSCR loans, and cash-out refis. The company bridges the gap between TradFi and DeFi with a blockchain-based platform that offers traditional loan products to customers.

The root cause of the incident was a social engineering campaign targeting one of the company’s employees. The exact attack vector is unknown, but ShinyHunters linked the incident to a broader campaign targeting Okta users. After successfully social-engineering the target, the attackers were able to access their account and associated files.

This incident was a classic double-extortion attack, where the attackers threatened to leak sensitive information if a ransom demand wasn’t met. Figure Technology’s refusal to pay resulted in approximately 2.5 GB of data being released on ShinyHunters’ leak page. This included sensitive information, such as:

  • Customer names
  • Physical addresses
  • Dates of birth
  • Phone numbers

While the leaked dataset doesn’t seem to include SSNs or financial data, it does have significant security implications for customers. The data included in this breach could be used to develop tailored spear phishing attacks, enabling ShinyHunters or other groups (since the data is now public) to increase the likelihood of another successful attack.

Lessons Learned from the Breach

The Figure Technology breach is yet another demonstration of the potential impacts and harms that can be caused by off-chain attacks, including social engineering. While the attacker didn’t steal millions from a DeFi project like many of the biggest hacks in the space, they did collect and leak a great deal of sensitive information about users of Figure Technology’s services. This information can dramatically enhance the effectiveness of future attacks.

Managing off-chain security risks requires strong policies and programs as well as the technical controls that address on-chain attacks. Organizations need to ensure that employees are trained on social engineering attacks and that access controls are tuned to limit the risk that a compromised account results in a large-scale data breach. Halborn advisory services help DeFi teams design and implement both on-chain and off-chain security controls. Get in touch to find out more.
