Crypto Platform NoOnes CEO Confirms $8M Hack, Several Weeks After Security Breach

The peer-to-peer cryptocurrency trading platform NoOnes has revealed it was the victim of a significant security breach earlier this month, resulting in the loss of approximately $8 million in crypto assets.

CEO Ray Youssef confirmed the hack after it was disclosed by crypto researcher ZachXBT on his “Investigations by Zach” Telegram channel.

Youssef, who previously served as the CEO of Paxful, a competing peer-to-peer crypto platform, explained that the breach occurred on January 1st due to an exploit involving their Solana bridge.

In response, NoOnes took immediate action by disabling the vulnerable bridge. As of now, the bridge remains offline, as indicated on the company’s status page.

Youssef wrote in a post on X:

“We acted quickly to contain the breach, and user funds and personal data remain secure.”

He assured users that the company was committed to further securing the system, noting that Solana support would not be restored until thorough penetration testing was conducted.

He also apologized for any inconvenience caused by the disruption.

According to ZachXBT’s investigation, the breach led to a series of unauthorized withdrawals amounting to $7.9 million, spanning the Ethereum, Tron, Solana, and Binance Smart Chain networks.

These funds were gradually siphoned out over two days via numerous small transactions, each typically withdrawing about $7,000.

After being drained, the assets were sent to Tornado Cash for mixing.

Shortly after the incident, NoOnes posted an announcement about scheduled maintenance, although it did not initially comment on the security breach.

NoOnes’ status page further highlighted issues with connectivity to the TON blockchain, as well as suspensions of Solana deposits.

Currently, the Solana wallet is absent from the platform, further confirming the exploit’s severity.

At the time of the breach, the platform had experienced a 24-hour trading volume of $2.7 million, with Bitcoin (BTC) accounting for 76% of the trades.

NoOnes primarily serves markets in the developing world, where peer-to-peer crypto trading is often a crucial avenue for financial inclusion.

The breach highlights the vulnerability of decentralized finance (DeFi) platforms, especially those that rely on bridges to link multiple blockchains, a feature that has become an increasingly common target for hackers.

The Solana bridge exploit is a reminder of the risks associated with such bridges, which can act as single points of failure if not properly secured.

In terms of scale, the hack is among several recent high-profile crypto breaches that underscore the ongoing security challenges in the industry.

For example, the 2022 hack of the Ronin Network, which saw the theft of $625 million, was one of the largest in DeFi history, exploiting vulnerabilities in a bridge used to facilitate transactions between Ethereum and Ronin.

Another notorious attack occurred in 2021, when hackers drained over $500 million from the Poly Network, also using a bridge vulnerability.

These incidents reflect a broader trend of DeFi projects facing severe risks due to the complexity of their underlying technologies and the vast sums of money at stake.

Despite efforts to secure decentralized finance, attacks like the one on NoOnes are not isolated incidents, highlighting the need for heightened security measures in the rapidly evolving landscape of DLT / blockchain technology.

The fact that funds were laundered through Tornado Cash also demonstrates how vulnerabilities in the crypto ecosystem can be compounded by privacy tools, making tracing stolen assets more difficult.

The breach of NoOnes serves as another stark reminder of the challenges facing the cryptocurrency industry, particularly in the realm of decentralized finance.

As the value of crypto-assets grows and more users turn to platforms like NoOnes for trading, the importance of robust security infrastructure becomes even more critical.

With an increasing number of crypto hacks and vulnerabilities emerging, the need for better risk management and more secure bridges will only grow.

For platforms in this space, the NoOnes breach should act as a cautionary example / incident and a prompt to reevaluate their security protocols to prevent future malicious attacks.



Sponsored Links by DQ Promote

 

 

 
Send this to a friend