Key Highlights
- Kontigo detected unauthorized access to its systems on January 5, leading to some users losing funds from their wallets.
- The breach affected 1,005 users and involved about USDC 340,905, according to the company.
- Kontigo says it will fully reimburse all affected users and that it is reviewing cases individually.
Kontigo, a Latin America-focused banking startup, says it will fully reimburse users after a recent security breach allowed unauthorized access to customer funds.
The company confirmed on January 5 that it had detected unauthorized access to its systems, which resulted in some users losing funds from their wallets. Kontigo said it quickly isolated affected systems, activated internal security protocols, and launched an active investigation to determine how the breach occurred and how far it spread.
“Today we detected unauthorized access that affected some users’ funds,” the company said in a public statement. Kontigo added that customer funds are protected and that any affected amount will be refunded in full.
Scope of the incident
In later updates, Kontigo disclosed that the breach affected 1,005 users, with a total of approximately USDC 340,905 involved. The company said it is reviewing cases individually and has begun the reimbursement process.
Users were encouraged to report any suspicious activity. Kontigo also warned that it would never ask for passwords, verification codes, or sensitive information through direct messages or SMS—advice commonly issued after security incidents to prevent follow-up scams.
While the company has not publicly detailed the method used by the attackers, it stated, “Our security team, together with independent external cybersecurity specialists, is carrying out a thorough review.” Kontigo has also reportedly engaged Chainalysis to help track the flow of the stolen USDC across the Polygon and Ethereum networks.
The role of stablecoins in LatAm
Kontigo operates as a stablecoin-based financial app, allowing users, especially in Latin America (LatAm), to store, transfer, and spend USDC, a U.S. dollar-pegged digital currency issued by Circle. The platform has become particularly popular among Venezuelans seeking alternatives to the bolívar, which has been heavily impacted by years of high inflation.
The company crossed 1 million users and $1 billion in total payment volume by the end of 2025 with more than 300,000 app downloads across LatAm. Kontigo is backed by well-known investors including Coinbase Ventures, Y Combinator, and Soma Capital.
Because many users rely on the app to hold dollar-denominated savings, security incidents can have an outsized impact on trust.
A history of operational and regulatory challenges
The timing of the hack is also particularly poignant. Just two weeks prior, on December 19, 2025, Kontigo announced a landmark $20 million seed round led by a syndicate including DST Global, Soma Capital, and Coinbase Ventures. This funding round, which valued the company at $100 million, ensures that Kontigo can absorb the cost of the hack without jeopardizing its operations.
In November 2025, the company suspended U.S. banking services for Venezuelan customers after its U.S.-based banking partner ordered a temporary halt. That move cut off access to one of Kontigo’s most widely used features: holding and moving U.S. dollars via U.S. bank rails.
At the time, Kontigo did not give any reasons for suspension and a timeline for restoration, which highlighted regulatory risks that cryptocurrencies are exposed to when their services are offered by the finance sector.
In a separate statement, the company said its U.S. accounts provider had requested the temporary service pause and that it was working on a solution, while stressing that its commitment to Venezuelan users remained unchanged.
More broadly, stablecoin and crypto “neobank” platforms operate in a gray area between traditional finance and digital assets.
They must navigate banking partnerships, anti-money-laundering rules, sanctions regimes, and cybersecurity threats—often simultaneously. Any disruption in one area, whether regulatory or technical, can quickly affect users.
Why is the incident significant?
While crypto hacks are not uncommon, this case underscores the risks faced by platforms that function as everyday financial tools rather than trading apps. For users relying on stablecoins for savings, remittances, or payments, even short-term loss of access can be serious.
Kontigo’s commitment to refund all affected funds may limit financial damage for users, but questions remain about how the breach occurred and whether additional safeguards will be introduced.
As investigations continue, regulators and users alike are likely to watch closely, not just for reimbursement, but for signs that systems handling dollar-linked crypto assets can be made more resilient.
Also Read: Hackers Steal $1.5M on Arbitrum Via Proxy Contract DeFi Exploit
