NoOnes Hack

On January 1, 2025, NoOnes, a peer-to-peer cryptocurrency marketplace serving emerging markets, experienced a significant security breach targeting its hot wallets on Ethereum, Tron, Solana, and Binance Smart Chain. The hack, which went undetected publicly until January 24 when blockchain investigator ZachXBT flagged it, involved hundreds of small transactions—each under $7,000—that cumulatively drained $7.9 million in assets. The attackers initially funded the Ethereum portion of the exploit via Tornado Cash and later used the stolen ETH to launch similar attacks on other chains.

To evade detection, the hackers employed a laundering strategy known as smurfing, dispersing funds across three major wallet clusters—each comprising over 20 addresses—to mimic normal trading activity. Unlike the others, the stolen Solana assets were sent directly to Tornado Cash. Eventually, the attackers consolidated funds on Ethereum and Binance Smart Chain before using Tornado Cash again to obscure their final trail.

Despite the scale of the breach, NoOnes initially described the issue as routine maintenance. It wasn’t until external pressure mounted that the company acknowledged the hack nearly three weeks later, on January 24. CEO Ray Youssef later confirmed in a video on February 12 that the entry point was a Solana bridge exploit. He announced several remedial steps, including slashing hot wallet exposure from $7 million to $1 million and temporarily suspending Solana support, which was reinstated on February 11.

The delayed disclosure drew criticism, particularly given NoOnes’ large user base in regulatory-fragile regions like Nigeria, Ghana, and India. The incident underscored the importance of real-time breach disclosure, hot wallet limitations, robust security protocols, and early anomaly detection through blockchain analytics—especially for platforms serving vulnerable markets with limited recourse in the face of crypto theft.