Figure Blockchain Lending Breach – Social Engineering Attack

Figure Technology, a major blockchain-based financial technology company, has acknowledged a security breach that involved unauthorized access to its data.

In a statement, Alethea Jadick, a spokesperson for Figure Technology, said the breach occurred when an employee fell for a social engineering scam, allowing hackers to gain access to some files.

The firm confirmed that it is communicating with its partners and affected parties regarding the leak. In addition, he noted that all recipients of this notification can access free credit monitoring. However, journalists claimed that Figure’s spokesperson did not respond to certain questions about the details of the leak.

Rape incidents in the tech industry remain a key concern

The incident of the filtration of dent has raised security concerns among users, leading to heated debates in the industry. In this context, reports highlight that ShinyHunters, a well-known black hat hacking group dedicated to extortion and hacking, took credit for the leak on its dark web portal. According to the hackers, the company refused to comply with their demands, which led them to leak 2.5 gigabytes of allegedly stolen data.

In response to this action, Figure stated: “We recently discovered that an employee was manipulated into giving him access, allowing someone to download a limited number of files through his account. “We took immediate action to stop the activity and hired a forensic company to investigate which files were affected.”

Following this statement, sources stated that the approach applied in this case was social engineering, a psychological manipulation of people to perform actions such as granting unauthorized access or disclosing information, acting as a form of “human hacking.”

Meanwhile, to demonstrate the intensity of the situation, Chainalysis shared a report last month noting that scammers stole approximately $17 billion in cryptocurrency last year, using AI to enhance phishing and social engineering.

Their report showed that data breaches remained a key concern in the tech industry last year, further exacerbating tensions this year. This came after a report from the Privacy Rights Clearinghouse, dated December 2025, revealed that regulators recorded more than 8,000 requests covering more than 4,000 different scenarios that significantly affected at least 374 million people.

Although Figure’s spokesperson provided limited details about the company’s data breach, an anonymous person from the ShinyHunters group informed a trusted source that the breach was part of a broader campaign targeting businesses that use Okta’s single sign-on service. Meanwhile, sources mentioned that other alleged victims were the University of Pennsylvania and Harvard University.

Step Finance encounters a gap in its operation

As breaches continue to be a major challenge in the industry, Step Finance, a major DeFi platform particularly within the Solana blockchain ecosystem, announced that several of its treasury and fee wallets were compromised, prompting an investigation into the breach.

Following its announcement, onchain data revealed that hackers withdrew approximately 261,854 SOL from staking and transferred them to an unknown address. At that time, the blockchain security company CertiK stated that the price of SOL was around $110, which implies that these transfers represented a value of almost $29 million.

Meanwhile, to try to calm the tension among its customers, Step Finance shared a post on The platform also revealed that it hired cybersecurity experts to assist in the investigation.

However, Step Finance did not mention the root cause of the gap. This sparked speculation in the ecosystem: some alleged that it was due to a failure in a smart device and others to an access control problem. The main question at the time was whether user funds outside the treasury were affected.

These concerns led journalists to reach out to Step Finance for clarity on the speculation and questions raised, but the company declined to respond.