Stablecoin Startup Kontigo Exposes Sanctions Gaps in Crypto Payment Rails

A Y Combinator and Coinbase-backed cryptocurrency application has become the latest cautionary tale for the stablecoin infrastructure sector, raising questions about whether the industry is repeating the compliance failures that plagued banking-as-a-service providers just a few years ago.

Kontigo, a retail-focused crypto payments service, found itself at the center of controversy after its operations revealed potential sanctions compliance gaps involving multiple infrastructure providers and banking partners, according to fintech analyst Jason Mikula's Fintech Business Weekly podcast. The incident has drawn comparisons to the third-party risk management failures that triggered regulatory crackdowns on BaaS platforms between 2022 and 2024.

The situation involves a complex web of intermediaries that powered Kontigo's consumer service. Behind the scenes, the startup relied on what the industry calls "stablecoin infrastructure" providers—companies like Rain, Checkbook, Bridge, and Stripe—which in turn connected to traditional banking partners including JPMorgan Chase and Lead Bank. This multi-layered structure mirrors the BaaS model that regulators have increasingly scrutinized for obscuring accountability when compliance breaks down.

The core issue centers on sanctions enforcement rather than anti-money laundering violations, a distinction that matters for understanding both the legal exposure and the real-world impact. Sanctions compliance failures can affect everyday users in targeted countries who may have no connection to the activities that triggered the restrictions in the first place.

For chief financial officers evaluating crypto payment integrations or stablecoin treasury management, the Kontigo case offers an uncomfortable preview. The same infrastructure providers that promise seamless access to digital dollar rails are now facing questions about their due diligence processes and their ability to monitor end-use cases several layers removed from the underlying bank accounts.

The parallels to BaaS are striking. In both models, a consumer-facing company partners with middleware providers who connect to regulated financial institutions. When problems emerge, finger-pointing ensues: Was it the consumer app's responsibility to screen users? The infrastructure provider's duty to monitor transactions? Or the bank's obligation to know its customers' customers?

Mikula and Alex Johnson of Fintech Takes, discussing the incident on their Fintech Recap podcast, emphasized the third-party risk management implications. The question isn't just whether Kontigo failed its compliance obligations—it's whether the infrastructure layer has adequate controls to prevent similar incidents across dozens or hundreds of client applications.

This matters because stablecoin infrastructure is scaling rapidly. Companies like Bridge (recently acquired by Stripe) and others are positioning themselves as the plumbing for a new generation of dollar-denominated digital payments. If they're inheriting the same compliance blind spots that triggered consent orders against BaaS platforms, the regulatory reckoning may come faster than the first time around.

The timing is particularly awkward for the crypto industry, which has spent the past two years arguing that stablecoins represent a safer, more transparent alternative to traditional correspondent banking. That pitch becomes harder to make when the infrastructure powering those stablecoins can't answer basic questions about sanctions screening.

What remains unclear is whether this represents an isolated incident or a systemic vulnerability in how stablecoin rails are constructed. The involvement of major players like JPMorgan Chase and Stripe suggests the issue may be more structural than any single company's oversight failure.

For finance leaders, the lesson is familiar: when payments infrastructure promises to abstract away complexity, the complexity doesn't disappear—it just moves somewhere less visible until regulators come asking questions.