Another day, another hack in Web3

P2P platform Noones lost $7.9 million to hackers who played the long game, hitting multiple chains before washing everything through Tornado Cash. 

Blockchain detective ZachXBT broke the case wide open.

The Perfect Crime?

The thieves decided it was better to work smarter and not harder. 

Between January 1-2, they ran hundreds of sub-$7,000 transactions across Ethereum, Tron, Solana, and BSC. 

Small enough to fly under the radar, big enough to add up to millions.

These criminals were thinking big, but doing it in small chunks – just like China, who sold all that Bitcoin over the last five years.

Noones' response? "Maintenance period." That's it. 

No mention of missing millions, no warning to users, just radio silence since the hack. 

Nearly a month later, still no official word about where users' money went.

That’s not a good look for any entity – when you’re handling users’ funds, they deserve to know what’s happening as quickly and professionally as possible. 

How Noones is handling the situation is the opposite of transparency. 

Following the Money

The hackers didn't waste any time making off with their ill-gotten gains. 

They took a bridge to Ethereum and BSC and then plopped the funds straight into Tornado Cash – crypto's favorite washing machine. 

For the uninitiated, Tornado Cash is a coin mixer that “washes” coins, breaking the on-chain paper tail of where they’ve come from and where they’re headed next. 

Despite being sanctioned since 2022, Tornado's still the go-to for making stolen crypto disappear.

While privacy is important and Tornado Cash is a paragon of on-chain anonymity, its use by criminals sours its image within and beyond the industry.

This hack exposes some ugly truths. 

Hot wallets are still too hot to handle, cross-chain security is still more dream than reality, and transparency is usually the first casualty when platforms get hit.

The Warning Signs and What to Avoid

Multi-chain attacks are becoming the new normal. 

Hackers aren't just picking one target anymore but aiming to hit everything at once. 

While platforms juggle multiple chains for user convenience, they're juggling live grenades, adding a new one with each rickety bridge they deploy or access.

Questions abound.

Why keep millions in hot wallets? 

How did the attackers access multiple chains? 

And most importantly – why isn't Noones talking? 

In crypto's still-pretty-wild west, these questions matter more than the missing millions, and, unfortunately, this probably won't even be 2025's biggest hack.