4 Minutes
Venezuela-focused stablecoin neobank Kontigo has confirmed a security breach that resulted in the unauthorized drainage of USDC from customer wallets. According to the company’s Jan. 5 update, the incident affected 1,005 users and resulted in roughly $340,905 worth of USDC being stolen. Kontigo has pledged to reimburse 100% of impacted funds and is conducting an active investigation with external cybersecurity partners.
What happened
Unauthorized access and initial response
Kontigo reported detecting unauthorized access that impacted certain user wallets. The team immediately isolated the affected systems, activated internal security protocols, and launched an investigation. While a full technical post-mortem is still pending, the firm says it has engaged independent cybersecurity specialists to perform a comprehensive review of the breach.
Scope and impact
The company estimates that approximately $340,905 in USDC was stolen and that 1,005 customers were affected. Many users also shared screenshots on social media showing suspicious login attempts and other anomalous activity in the days surrounding the breach, though it remains unclear whether all those reports are directly related to the exploited vulnerability.
Kontigo’s response and reimbursement policy
Kontigo has promised to reimburse 100% of the amounts lost by affected customers. The neobank says reimbursements will be handled on a case-by-case basis per its security protocols. The company is also operating under a reinforced monitoring scheme as systems are gradually restored to ensure ongoing operational integrity and to prevent further loss.
Investigation and remediation
To strengthen its defenses, Kontigo is collaborating with external security auditors and actively reviewing access logs, API usage, and wallet controls. The firm has temporarily isolated the implicated infrastructure and is rolling out additional monitoring and hardening measures while the investigation continues.
Industry context: a wave of attacks on crypto services
This incident comes amid a broader uptick in targeted attacks on crypto users and service providers. Last month, Binance-owned Trust Wallet suffered an exploit related to its Chrome extension, with estimated losses exceeding $7 million; Trust Wallet also pledged to compensate affected users. Security firm SlowMist has also warned of phishing campaigns aimed at MetaMask users attempting to harvest seed phrases under the guise of enabling two-factor authentication.
What affected users should do now
If you believe your Kontigo account or wallet may have been compromised:
- Contact Kontigo support immediately and follow their instructions for the reimbursement process.
- Freeze or monitor your linked cards and cross-border payment flows.
- Revoke suspicious wallet approvals and move remaining funds to secure cold storage or a hardware wallet if possible.
- Change passwords and enable all recommended security controls.
- Monitor on-chain addresses and review transaction histories for suspicious outflows.
About Kontigo
Founded in 2023 and based in San Francisco, Kontigo targets Latin American users and the Latino community in the U.S., offering stablecoin-based services such as USDC-denominated savings, cross-border transfers, debit and credit cards, and tokenized access to U.S. stocks and Bitcoin. The startup is backed by notable investors including Y Combinator, DST Global, and Coinbase Ventures and closed a $20 million seed round last month valuing the company at $100 million.
Outlook
As the investigation proceeds, Kontigo’s promise to fully reimburse affected users is a critical step toward restoring trust. Nevertheless, this event underscores persistent threats facing crypto platforms — from phishing campaigns to extension-based exploits — and highlights the need for robust wallet security practices, independent audits, and faster industry-wide incident response standards.
Source: crypto
Comments
mechbyte
Not surprised, wallets + browser extensions are risky. Revoke approvals, move funds to a hw wallet, monitor txs. hope they learn quick
coinpilot
Is this even true? They promise 100% reimbursement but who audits the process, and will cash actually return fast? if thats real then...
Leave a Comment