A Texas-based company alleges that a major financial institution failed to prevent or properly respond to a sophisticated cyber fraud scheme, resulting in the loss of hundreds of thousands of dollars. According to a complaint filed by LK Pop Holdings LLC on March 12, 2026, in the United States District Court for the Southern District of Texas against Citibank, N.A., the plaintiff claims Citibank was negligent in handling and safeguarding funds that were fraudulently diverted from an intended vendor payment.
The lawsuit was filed by LK Pop Holdings LLC in Houston federal court under Civil Action No. 4:26-cv-02029. The defendant named is Citibank, N.A., which is accused of failing to detect and stop a business email compromise (BEC) scheme that led to significant financial losses for the plaintiff.
According to the complaint, on June 27, 2025, cybercriminals impersonated Endurance Builders LLC—a legitimate construction vendor—and sent fraudulent wire instructions to LK Pop Holdings LLC. The plaintiff believed it was paying for construction services related to its commercial building but instead transferred $1,125,472.01 into an account at Citibank controlled by fraudsters. After discovering the deception and notifying all relevant parties—including Amegy Bank (the plaintiff’s bank), law enforcement authorities, and Citibank—LK Pop Holdings reports that only $383,475.01 was eventually refunded by Citibank. The remaining $741,997 allegedly remains unreturned despite what the plaintiff describes as clear evidence of fraud and repeated demands for action.
The complaint outlines several points where LK Pop Holdings believes Citibank failed in its responsibilities as a financial institution subject to federal anti-money laundering regulations and industry standards for fraud prevention. It alleges that red flags—such as the recent opening of the fraudulent account shortly before receiving such a large transfer—should have triggered enhanced scrutiny under federal regulations and internal protocols known as Know Your Customer (KYC) requirements.
“Defendant failed to implement reasonable safeguards,” states the filing. The document further claims that even after being notified by both Amegy Bank and the Federal Bureau of Investigation (FBI) about the fraudulent activity on July 1, 2025, Citibank did not freeze or secure all funds in time to prevent further withdrawals by the perpetrators.
Details provided indicate that during early July 2025—after notification had been made—multiple attempts by fraudsters to withdraw money from the compromised account initially failed due to apparent blocks within Citibank’s systems. However, on or about July 9, 2025 (one week after initial notification), several Automated Clearing House (ACH) transfers succeeded in moving out nearly three-quarters of a million dollars from the account despite prior assurances from a Citibank representative that “95% of the funds had been recovered.” Plaintiff asserts this communication led them not to pursue immediate legal remedies they otherwise would have considered.
The complaint also documents conflicting communications with various representatives at Citibank following discovery of the fraud. One employee reportedly told LK Pop Holdings’ principal that most funds were secure but later stopped responding; subsequent calls yielded little information or transparency regarding recovery efforts or status updates on their claim.
LK Pop Holdings argues these actions—or lack thereof—constitute negligence under common law duties imposed on banks regarding customer protection against foreseeable criminal schemes like BEC attacks. The company also brings claims for conversion (unauthorized control over property), unjust enrichment (retaining benefits derived from another’s loss), and negligent misrepresentation based on alleged false assurances about fund recovery status provided by bank staff.
In addition to seeking compensatory damages totaling $741,997 plus interest for unrecovered losses, LK Pop Holdings requests consequential damages arising from business disruptions caused by lost capital access; attorney’s fees; costs; punitive damages where allowed; and an order requiring full accounting of all transactions involving the fraudulent account.
The case is represented by attorney Michael J. Wynne of Gregor Wynne Arney PLLC in Houston. The case number is 4:26-cv-02029.
Source: 426cv02029_Lk_Pop_v_Citibank_Complaint_Southern_District_of_Texas.pdf
