NoOnes P2P Exchange Breached: Solana Bridge Vulnerability Drains $8 Million Across Four Chains

The cryptocurrency security landscape faced another significant challenge as NoOnes, a peer-to-peer crypto marketplace, confirmed an $8 million exploit stemming from a vulnerability in its Solana bridge infrastructure. The breach, which occurred between January 1 and January 2, 2025, was publicly exposed by on-chain investigator ZachXBT on January 24, sending shockwaves through the P2P trading community and raising urgent questions about cross-chain security standards.

The Exploit Mechanics

According to ZachXBT’s investigation, the attackers exploited a flaw in NoOnes’ Solana bridge to systematically drain the platform’s hot wallets across four blockchain networks: Ethereum, TRON, Solana, and Binance Smart Chain. The stolen funds were moved through hundreds of individual transactions, each deliberately kept under $7,000—likely to avoid triggering automated alerts and transaction monitoring systems.

The cumulative outflow reached approximately $7.9 million. Once extracted, the attacker bridged the assets to Ethereum and BSC before routing them through Tornado Cash, a crypto mixer frequently used to obfuscate transaction trails. This multi-chain laundering strategy demonstrates the increasingly sophisticated methods threat actors employ to distance stolen funds from their source.

What makes this breach particularly concerning is the timing of its disclosure. Despite occurring on January 1, NoOnes did not publicly acknowledge the incident until ZachXBT brought it to light nearly three weeks later. During that period, the platform posted what it described as a routine New Year maintenance update—a claim that appears to have masked the ongoing security response.

Affected Systems

The breach impacted NoOnes’ hot wallet infrastructure across multiple networks. Hot wallets, which remain connected to the internet to facilitate real-time transactions, are inherently more vulnerable than cold storage solutions. The Solana bridge specifically was identified as the entry point—a component that enables asset transfers between Solana and other blockchain networks.

At the time of the breach, Bitcoin was trading at approximately $104,800 and Ethereum at $3,309, according to CoinMarketCap data. The $8 million loss, while significant, represents a fraction of the daily trading volume on major P2P platforms. However, the reputational damage to NoOnes and the broader implications for cross-chain trust are considerably more impactful.

The incident also follows closely on the heels of the Phemex exchange breach confirmed just one day earlier on January 23, which has been linked to North Korean hacking groups. The back-to-back exploits highlight the persistent threat environment facing centralized and semi-centralized crypto platforms in early 2025.

The Mitigation Strategy

NoOnes CEO Ray Youssef publicly confirmed the exploit following ZachXBT’s disclosure, attributing the breach to the Solana bridge vulnerability. In a statement, Youssef emphasized that the security team had responded quickly and contained the situation immediately. He assured users that personal data remained safe and that user funds were protected.

The Solana bridge has been suspended indefinitely and will remain offline until comprehensive penetration testing is completed. Youssef stated the platform would not restore the bridge until it passes rigorous third-party security audits—a critical step given that the initial vulnerability went undetected until external researchers flagged the suspicious outflows.

This approach aligns with industry best practices following a breach: isolate the affected component, conduct thorough testing, and only restore functionality once the attack vector has been fully remediated. However, the three-week delay in public disclosure represents a significant departure from the transparency standards that many in the crypto community expect.

Lessons Learned

The NoOnes breach offers several critical takeaways for the crypto industry. First, cross-chain bridges remain one of the most vulnerable attack surfaces in the ecosystem. Bridges inherently require complex smart contract logic and often hold large pools of liquidity, making them attractive targets. Organizations must subject bridge protocols to rigorous, regular security audits and implement real-time monitoring for unusual transaction patterns.

Second, the deliberate structuring of transactions below $7,000 to evade detection suggests that platforms need more sophisticated anomaly detection systems. Simple transaction-threshold alerts are insufficient when attackers can fragment withdrawals across hundreds of smaller transfers.

Third, timely disclosure matters. The three-week gap between the breach and public acknowledgment erodes user trust and prevents the broader community from taking protective measures. Security researchers and on-chain investigators like ZachXBT continue to play an outsized role in maintaining accountability within the crypto ecosystem.

User Action Required

For NoOnes users, the immediate priority is to verify account security, enable two-factor authentication if not already active, and monitor wallet addresses for any unauthorized transactions. Users who interacted with the Solana bridge should be particularly vigilant. The broader crypto community should treat this incident as a reminder that cross-chain infrastructure requires the same level of security scrutiny as any centralized exchange or DeFi protocol. As Bitcoin holds above $104,000 and the market maintains substantial valuations, the incentive for attackers will only grow—and so must the industry’s defensive posture.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making any financial decisions.