Noones App P2P marketplace likely hacked for $7.9M, tracked on-chain by ZachXBT

Noones App, an international P2P marketplace accepting crypto, has seen a series of outgoing transactions that sparked speculations of an exploit. On-chain investigator ZachXBT points to a possible hack or exploit, as the funds were later consolidated and mixed through Tornado Cash. 

On-chain investigator ZachXBT noted suspicious outgoing transactions from the wallets of Noones App, a P2P marketplace with crypto payments. The day of the attack coincided with the announcement of wallet maintenance in January. ZachXBT noted a series of suspicious transactions, withdrawing up to $7.9B of assets on several chains. 

Despite the claim only the Solana bridge was hacked, ZachXBT noted outflows from Ethereum, TRON, Solana, and BNB Smart Chian on January 1-2. 

The investigator noted a series of transactions for $7,000 from the app’s hot wallets. While Noones App is permissionless, it still holds the risk of being a custodian for user funds, so they can swap and transact. 

The transactions were bridged and consolidated to Ethereum and BNB Smart Chain, then sent to Tornado Cash for mixing. One of the addresses was the most active around January 4, sending out transfers of 10 ETH to Tornado Cash. A similar approach was taken through BNB Smart Chain – a series of transactions until all funds were mixed and concealed. 

On TRON, the exploiter bridged and swapped the assets to consolidate holdings as TRC-20 USDT. 

Once mixed, the funds are no longer recoverable and cannot be traced to new wallets. There is also no way to differentiate between legitimate withdrawals except for the on-chain evidence of a series of similar transactions. 

Previously, ZachXBT has kept a watch on Paxful and Noones App as gateways for mixing funds from the exploits of the Lazarus hacker group. Accounts on those apps received funds from exploits, later transferring them into cash. An estimated $44M has flowed into the app from previous exploits.

Noones App team admits to Solana bridge exploit

After weeks of investigation, the app’s founder, Ray Youssef, finally announced a hack of the Solana bridge, though he claimed the funds were safe and contained. The app’s team claimed the funds were secured despite on-chain evidence of tokens moving on several different chains.

We’re aware of reports about unusual activity involving NoOnes’ hot wallets (Jan 1-2). An exploit happened across our Solana bridge. Our security teams quickly responded and the situation was immediately contained.

User funds and personal data are safe and a thorough… https://t.co/F72PXLokcy

— Noones App (@noonesapp) January 24, 2025

Noones App accepts both crypto deposits and fintech tools, including gift cards, for crypto trading with minimal verification.

Peer-to-peer markets are a potential tool for disguising and mixing funds. Noones App gained popularity from 2023 onward, offering a free, no-KYC market for P2P crypto swaps. The app was launched after Youssef’s previous project, Paxful, met with regulatory problems in the US market. Due to its legacy status in the crypto space, Paxful remains operational and has higher traffic compared to Noones App. 

The app has already accrued more than 100K downloads, with an average score of 3.4 stars. Users are attracted to Noones for its simplicity and similarity to Paxful. The app is also boosting its marketing on X, focusing on emerging markets. The app creator has stressed the goal of Noones is to give financial access to unbanked markets. 

The app noted a 300% growth in daily downloads in January, with robust growth for the last quarter of 2024. Despite targeting countries in the Global South, in the past month, 16.65 of Noones visits came from the USA, with 66.51% growth for the 30-day period. The user expansion follows the recent announcement of a trading competition with a $15,000 reward, further boosting interest in Noones App. 

The Noones App is on an expansion arc in the new year, through increased demand for SOL and other crypto assets. However, the app also suffers from regular outages or problems with asset availability. Most of the wallet issues were posted as resolved, though the app left out the Solana bridge exploit in its incidents log. 

Noones mostly uses hot wallets for fast swaps. The app is most widely used in 60 countries, with 500 accepted payment gateways. Noones supports 234 countries and territories, though some only have a few dozen peers for trading. 

Cryptopolitan Academy: Are You Making These Web3 Resume Mistakes? - Find Out Here