Dragonfly Digital Breach Exposes Driver's Licenses and Financial Information

Dragonfly Digital Management LLC, an SEC-registered cryptocurrency and blockchain venture capital firm based in San Francisco, disclosed a data breach discovered in January 2026 that may have exposed sensitive personal and financial information.

The breach was reported to the Massachusetts Office of Consumer Affairs and Business Regulation on April 10, 2026. Consumer notification letters were dated April 10, 2026.

The total number of individuals affected across the United States was not disclosed in the regulatory filing; however, at least nine Massachusetts residents were affected.

What happened in the Dragonfly Digital Management data breach

On Jan. 16, 2026, Dragonfly's security team discovered that an unauthorized individual had gained access to certain company data, according to the company's notification to affected individuals. The company engaged legal counsel, who then brought in CrowdStrike, a leading third-party forensic cybersecurity firm, to conduct an investigation into the incident.

The investigation determined that the unauthorized access involved personal information that Dragonfly collects through its compliance processes.

The personal information potentially exposed varied by individual but may have included names, phone numbers, email addresses, physical addresses, taxpayer identification numbers or Social Security numbers, other government identification numbers, copies of passports or driver's licenses, bank account numbers and other financial account numbers.

There was no loss of funds as a result of the incident.

Dragonfly Digital Management's response to the breach

Dragonfly is offering all affected individuals 24 months of complimentary identity protection and credit monitoring through Experian IdentityWorks.

The service includes access to a credit report at signup, with daily credit reports available for members who enroll online. It also provides active credit monitoring on the Experian credit file, identity restoration support from dedicated specialists and $1 million in identity theft insurance.

Affected individuals must enroll by July 31, 2026, using the activation code included in their notification letter.

Anyone who has questions or needs help with identity restoration can contact Experian's customer care team at 833-931-7577, Monday through Friday, 8 a.m. to 8 p.m. Central Time.

Anyone who receives suspicious messages can report them to Scott Hershorin at scott@dragonfly.xyz or scott@metastablecapital.com.

Steps to take if your information was exposed

• Place a credit freeze with all three credit bureaus. Contact Equifax at 800-685-1111, Experian at 888-397-3742 and TransUnion at 800-916-8800 to prevent new accounts from being opened without authorization.
• Review credit reports for unfamiliar activity. Free credit reports are available at AnnualCreditReport.com and should be checked regularly for any accounts or inquiries that seem unfamiliar.
• Set up a verbal password with financial institutions and monitor for unauthorized transactions. Because bank account numbers were potentially exposed, affected individuals should contact their banks to add a verbal password for phone verification and request monitoring for unauthorized ACH transactions.
• Be cautious of phishing attempts that reference Dragonfly or Meta Stable. Scammers may use information from this breach to send convincing messages, so any unexpected communication claiming to be from these entities should be treated with caution.
• Monitor financial accounts and statements closely. Given the broad range of financial data potentially exposed, affected individuals should review bank and investment account statements frequently for any signs of unauthorized activity.