US neobank Kontigo recently experienced a cybersecurity breach involving an authentication flaw that resulted in the theft of over 340,000 USDT from 1,005 user accounts. The company has since blocked access to prevent further losses and is currently using funds from its recent seed round to fully reimburse all affected customers.
The American startup Kontigo, which provides stablecoin accounts for users in Latin America, recently fell victim to a sophisticated cyberattack that compromised the funds of more than one thousand clients. The breach resulted in the loss of 340,905.28 USDT, a significant hit for the company that had quickly grown to serve over one million users within its first year. In response to the ongoing threat, the firm temporarily disabled platform access to secure its remaining assets and protect its client base from further unauthorized activity.
An investigation into the incident revealed that the security failure began in December when an attacker managed to exploit a legacy gateway within the company's authentication provider. Specifically, the flaw existed in the Apple OIDC authentication flow where the system failed to properly validate the expected issuer. By using an issuer under their own control, the attacker was able to trick the system into generating valid authentication tokens. These tokens allowed the intruder to bypass standard security measures and gain direct access to individual user accounts.
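The issuer check described above can be sketched as follows. This is an added example, not Kontigo's or its authentication provider's code; it assumes keys are pinned per trusted issuer, uses HMAC-SHA256 as an offline stand-in for Apple's RS256 signatures, and `CLIENT_ID`, `TRUSTED_KEYS`, `mint` and `verify_id_token` are hypothetical names with constructed values.

```python
import base64, hashlib, hmac, json, time

APPLE_ISSUER = "https://appleid.apple.com"  # value Apple sets in the `iss` claim
CLIENT_ID = "com.example.app"               # constructed audience (assumption)
# Keys pinned per trusted issuer; never resolved from the token's own `iss`.
TRUSTED_KEYS = {APPLE_ISSUER: {"k1": b"constructed-demo-key"}}

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _mac(key, signing_input):
    # HMAC-SHA256 stands in for Apple's RS256 so the example runs offline.
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def mint(claims, key, kid="k1"):
    """Build a constructed test token."""
    head = _b64e(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_mac(key, head + '.' + body))}"

def verify_id_token(token, now=None):
    """Return the claims of a valid token; raise ValueError otherwise."""
    try:
        h64, c64, s64 = token.split(".")
        head, claims, sig = json.loads(_b64d(h64)), json.loads(_b64d(c64)), _b64d(s64)
        if not (isinstance(head, dict) and isinstance(claims, dict)):
            raise TypeError("header and claims must be JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if head.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Exact issuer match happens before any key is chosen.
    if claims.get("iss") != APPLE_ISSUER:
        raise ValueError("unexpected issuer")
    kid = head.get("kid")
    key = TRUSTED_KEYS[APPLE_ISSUER].get(kid) if isinstance(kid, str) else None
    if key is None:
        raise ValueError("unknown key id")
    if not hmac.compare_digest(sig, _mac(key, h64 + "." + c64)):
        raise ValueError("bad signature")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims
```

A token whose `iss` names any other issuer is rejected before its signature is even examined, so a key set belonging to that issuer is never consulted.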
Once inside the system with valid credentials, the attacker moved to drain the compromised wallets by generating withdrawal quotes. Because they possessed legitimate authentication tokens, they were able to connect to the affected wallets and execute these transactions effectively. The company also acknowledged that certain backend database tables lacked row-level security. This configuration error provided the attacker with more visibility into user records than would have been possible if the proper security controls had been active.
In the wake of the breach, the neobank is conducting a thorough internal review of its security infrastructure and data protocols. The company has publicly stated its commitment to adhering to United States laws and sanctions, noting that it is currently evaluating its internal procedures to prevent future vulnerabilities. Leadership emphasized that enhancing their existing security framework is a top priority as they work to restore user confidence and harden their defenses against similar exploits.
To mitigate the impact on its users, Kontigo has already started the process of reimbursing every account that was affected by the theft. The startup is drawing from a 20 million dollar seed funding round it secured in December 2025 to cover these losses and ensure that no customer is left out of pocket. By taking immediate financial responsibility for the breach, the firm aims to stabilize its operations and continue its mission of providing dollar-denominated holdings to the Latin American market.
Source: Stablecoin Bank Kontigo Suffers Cyber Attack Impacting Operations


