Kontigo Breached: YC-Backed Neobank Vows Full Refund After $340k Hack
Kontigo CEO pledges full restitution after hackers drain $340k from 1,000+ user wallets.
Latin America-focused stablecoin bank confirms 1,005 users affected but promises 100% restitution within hours.
Kontigo, the stablecoin neobank backed by Y Combinator and Coinbase Ventures, confirmed a security breach Monday that drained $340,905.28 in USDC from customer accounts. The startup, which targets underbanked users in Latin America and the U.S., stated it has identified the attackers and pledged immediate reimbursement.
CEO Jesus A. Castillo acknowledged the incident in a statement on X (formerly Twitter), noting that he was personally affected by the exploit.
“To all affected, including myself. We will resolve this in the next few hours, count on that. Kontigo takes responsibility.” (Jesus A. Castillo, Kontigo CEO)
The Breach by the Numbers
The attack targeted specific user wallets rather than the protocol’s central treasury. According to the official post from @kontigo_app, the unauthorized access compromised:
- 1,005 individual user accounts.
- $340,905.28 in total USDC funds.
While the sum is relatively low compared to recent nine-figure DeFi exploits, the breach strikes at the core of Kontigo’s “trustless” banking model. The startup, which reported $1 billion in annualized payment volume last year, markets itself as a safe haven for Latinos escaping inflationary fiat currencies.
Immediate Fallout & Response
Kontigo froze withdrawals immediately upon detecting the anomaly. The team claims to have isolated the vulnerability, though they have not yet disclosed the specific attack vector (e.g., private key compromise vs. smart contract bug).
Castillo issued a direct warning to the perpetrators, claiming the firm has already identified them: “To the hackers: we already know who you are, you will not go unpunished.”
This incident adds pressure to the “crypto-fintech” sector, where startups like Kontigo bridge the gap between Web3 rails and traditional banking interfaces. With backers like DST Global and Coinbase Ventures, the firm is likely able to deliver the promised “100% restitution,” but the reputational damage in a trust-sensitive market remains the primary liability.