DxSale drained of $7.3M in BNB Chain locker exploit
DxSale lost $7.3M after a backdoor in its BNB Chain liquidity locker, affecting about 1,400 liquidity providers and sending some funds to Binance deposit addresses.
DxSale lost $7.3 million when a backdoor in its liquidity locker on the BNB Chain allowed an attacker to withdraw funds, affecting about 1,400 liquidity providers. Blockchain monitoring firm PeckShield traced transfers from attacker address 0xC457 that moved roughly $1.87 million in BNB into two primary wallets before depositing portions into multiple Binance deposit addresses.
The breach exploited a privileged permission in the locker contract that converted locked deposits into withdrawable balances. Web3 security firm Coinsult wrote that a privileged setFee function combined with a backdated lock enabled withdrawal loops that extracted BNB from the locker.
On-chain analyst Tahax reported that the DxSale deployer transferred ownership of the locker contract 269 days ago, and that about 80 subsequent ownership hops were used to obscure control before ownership landed at wallet 0xC45, which then initiated mass BNB withdrawals. Tahax also noted the exploiter’s wallet was newly created and initially funded through the exchange Bybit, and that some stolen funds have been routed through infrastructure intended to hinder tracing.
The locker held legacy liquidity from projects that used DxSale in 2021 to lock launch liquidity on the BNB Chain. Data aggregator DefiLlama shows about $52 million in exploit losses so far in May, down from $634 million in April, and more than $17 billion in total crypto exploit losses tracked to date, including roughly $7.8 billion from DeFi protocols.
Manuel Aráoz, founder of blockchain security firm OpenZeppelin, wrote on social media: “I now consider all of DeFi unsafe,” citing advances in artificial intelligence that can help attackers find smart contract vulnerabilities.
About 1,400 crypto liquidity providers are affected, including projects and teams that may no longer be active. The attacker’s movement of funds toward centralized exchange deposit addresses could complicate recovery efforts, which will depend on exchange cooperation and any applicable law enforcement actions.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
