BNB Chain liquidity providers lose $7.3M in DxSale security breach

BNB Chain liquidity providers lose $7.3M in DxSale security breach

Approximately $7.3 million was stolen from BNB Chain liquidity providers through DxSale, sparking renewed discussions about security vulnerabilities in legacy DeFi locker contracts.

A cyberattack targeting memecoin launch platform DxSale resulted in the theft of $7.3 million in assets, impacting approximately 1,400 liquidity providers (LPs) operating on the BNB Chain network.

According to blockchain data platform PeckShield's Friday X post, the malicious actor behind wallet address "0xC457" moved $1.87 million in BNB (BNB) tokens to two primary wallets before distributing them across several Binance deposit addresses, as revealed by onchain transaction data.

DxSale served as a liquidity locking mechanism for tokens that launched on the BNB Chain during 2021. Blockchain analyst Tahax approximated that the locker continues to secure liquidity from token projects that were initiated several years in the past and noted that the attacker's wallet was newly established and received initial funding via crypto exchange Bybit.

The security breach contributes to escalating worries surrounding decentralized finance (DeFi) hacks, which have accumulated $52 million in stolen assets during May alone, representing a decrease from April's $634 million, which established a high not witnessed since February 2025, based on data aggregator DefiLlama's statistics.

Escalating cyberattacks have generated extensive concerns regarding the overall safety of the broader DeFi sector, partially attributed to malicious actors' increasing adoption of AI technologies. "I now consider *all* of DeFi unsafe," stated Manuel Aráoz, founder of the blockchain security platform OpenZeppelin, on Tuesday, referencing AI's expanding capabilities to detect smart contract vulnerabilities.

DxSale stolen funds are already untraceable: onchain analyst

According to Tahax, the perpetrator has already channeled portions of the stolen funds through infrastructure that could significantly complicate tracking efforts.

The analyst revealed that ownership of the locker contract was quietly transferred by the DxSale deployer to a new wallet 269 days prior, suggesting that a "backdoor was left in" despite the absence of an official migration announcement.

The analyst referenced onchain evidence showing an additional 80 transactions that performed successive ownership transfers for obfuscation purposes, ultimately resulting in contract ownership arriving at wallet '0xC45,' which initiated the large-scale BNB withdrawals.

Web3 security platform Coinsult explained in a Friday X post that the backdoor present in the deployer contract, combined with a backdated lock mechanism, allowed the hacker to leverage withdrawal loops and siphon the BNB tokens, further stating:

A privileged setFee plus a backdated lock turned 'locked' deposits into a withdrawable balance.

Cointelegraph has reached out to DxSale seeking commentary on the security breach and confirmation of the total number of affected liquidity providers.

This exploit contributes to the more than $17 billion in crypto exploit losses documented by DefiLlama, which includes approximately $7.8 billion in losses from DeFi protocols specifically.