
The P2P platform NoOnes fell victim to a cyberattack that resulted in the loss of approximately $8 million in assets. The company’s CEO, Ray Youssef, confirmed that the breach occurred on January 1 through a vulnerability associated with the Solana bridge.
In response to the incident, the platform promptly disabled the compromised bridge, which remains offline. In his statement, the CEO assured users that their assets and personal data were unaffected, emphasizing that operations involving Solana would only resume after rigorous penetration testing has been conducted.
An investigation by ZachXBT revealed that the attackers siphoned funds in small increments, with transactions averaging $7,000 each. In total, $7.9 million worth of assets were stolen across the Ethereum, Tron, Solana, and Binance Smart Chain networks. The stolen funds were subsequently funneled through Tornado Cash to obscure their origins.
Initially, NoOnes described the incident as routine maintenance, only later acknowledging the breach. Alongside the deactivation of the Solana bridge, the platform also experienced disruptions in its integration with the TON blockchain and temporarily suspended deposits on the Solana network.
This event once again highlights the vulnerabilities inherent in decentralized platforms, particularly those leveraging blockchain bridges to connect disparate networks. Such bridges frequently serve as attack vectors. Similar exploits in the past have led to significant thefts: $625 million was stolen from the Ronin Network in 2022, and over $610 million was taken from Poly Network in 2021 through a similar vulnerability.