Blockchain Fortress, Human Gatekeeper: How Figure Tech Lost 1 Million IDs to a Phone Call
The promise of blockchain is immutable security. The reality of fintech is that a single employee login is worth more than all the cryptography in the world.
Figure Technology Solutions, a fintech giant leveraging the Provenance blockchain for lending and securities, has just become the latest trophy for the notorious ShinyHunters extortion group. While the company boasts about “unlocking $22 billion in home equity” with cutting-edge tech, its perimeter was breached by the oldest trick in the book: Social Engineering.
The result? 967,200 accounts exposed.
The “Low-Tech” Hack
According to reports confirmed by BleepingComputer and Have I Been Pwned, the breach wasn’t a result of a cracked private key or a smart contract failure. It was a human failure.
An employee was tricked—likely through a targeted voice phishing (vishing) or spear-phishing campaign—into handing over the keys to the kingdom. This mirrors ShinyHunters’ recent modus operandi, where they impersonate IT support to trick staff into entering credentials and MFA codes on fake portals.
Once inside, the attackers didn’t need to break encryption; they just needed “authorized” access to download the files.
The Loot: A Phisher’s Goldmine
The data, which dates back to January 2026, is a complete starter kit for identity theft. The 2.5GB leak includes:
Full Names
Physical Addresses
Phone Numbers
Dates of Birth
900,000+ Unique Email Addresses
While Figure claims only a “limited number of files” were taken, the nature of this data means the victims are now prime targets for secondary attacks. If you were a customer, expect your phone to start ringing with very convincing scammers who know exactly who you are.
The SSO Weakness
This breach is part of a larger, disturbing trend targeting Single Sign-On (SSO) infrastructure. Attackers like ShinyHunters have realized that breaking into Okta or Microsoft 365 accounts via an employee is significantly easier than finding a zero-day vulnerability in the software stack.
The Lesson: You can build your castle on the blockchain, but if the gatekeeper opens the door for a stranger in a nice suit, you are still getting robbed.
Verify the Caller: IT support will never ask for your MFA code.
Hardware Keys: It is time to move beyond SMS and App-based MFA to FIDO2 hardware keys (YubiKeys) that are phishing-resistant.
Assume Breach: If you are a Figure user, lock your credit reports now.
CodeAintel Insight: The Figure breach proves that in 2026, the most dangerous vulnerability in the fintech ecosystem isn’t in the code—it’s in the cubicle. We are seeing a shift where “hacking” is becoming synonymous with “asking nicely.”





