news

DxSale Hack Drains $7.3M From BNB Chain LPs

Dhananjay Singh
Published: May 29, 2026
6 min read
DxSale Hack Drains $7.3M From BNB Chain LPs

STAY UPDATED WITH COTI

Follow COTI across social media platforms to get the latest news, updates and community discussions.

X IconFollow on XTelegram IconJoin Telegram
Make us preferred on Google

Summary:

  • Memecoin launch platform DxSale suffered a major exploit that drained roughly $7.3 million from liquidity providers on BNB Chain.
  • Around 1,400 LPs were affected, according to blockchain investigators.
  • Analysts claim the exploit may be linked to an old locker contract ownership transfer that happened quietly months ago.
  • Security researchers allege a hidden "backdoor" and outdated contract controls enabled the attacker to withdraw locked liquidity.
  • Some of the stolen BNB was reportedly moved through Binance deposit addresses after being split into multiple wallets.
  • The incident has reignited concerns around old unaudited DeFi contracts and abandoned liquidity lockers.
  • Crypto exploits have already caused billions in losses across the DeFi sector over the years. 

A major exploit targeting old liquidity locker infrastructure on BNB Chain has left thousands of users exposed after memecoin launch platform DxSale was drained for approximately $7.3 million. The attack affected around 1,400 liquidity providers, according to blockchain security researchers tracking the exploit. The stolen funds were primarily withdrawn in BNB and quickly moved across multiple wallets before portions were allegedly deposited into Binance-linked addresses. Blockchain security platform PeckShield first flagged the suspicious activity Friday, tracing movements tied to the attacker wallet identified as "0xC457…FA69" According to PeckShield:

Tahax reported that @DxSale was drained ~$7.3M from 1,400 @BNBCHAIN LPs. The address 0xC457...FA69 transferred a total of 2,958 $BNB (~$1.87M) to 2 main wallets, and subsequently deposited to multiple #Binance deposit addresses." Source

The exploit appears to have targeted old liquidity locks dating back to 2021, when DxSale became widely used for launching and locking liquidity for new BNB Chain projects during the previous memecoin cycle. At the time, many small projects relied on liquidity lockers to reassure users that developers could not suddenly remove trading liquidity and abandon the project. But years later, some of those contracts remained active, unmanaged, or poorly secured. And according to investigators, that may have created the perfect opening for attackers. Blockchain analyst Tahax said the exploit may have originated from a quietly modified locker ownership structure that went largely unnoticed by users. The analyst claimed the deployer transferred ownership of the locker contract nearly nine months ago without any public migration notice or security disclosure. Tahax wrote:

"269 days ago, the DxSale deployer quietly transferred ownership of the locker to a new wallet. The locker contract? Unverified. A backdoor was left in " Source

That detail has become one of the most discussed parts of the exploit. Because the infrastructure may have remained vulnerable for months before the attack actually happened.

READ MORE: Fake Google Ads Targeting Uniswap Users Steal $400K, Analysts Warn

How the Alleged Backdoor Worked

As investigators dug deeper into the exploit, attention quickly shifted toward the liquidity that was supposedly "locked" became withdrawable. Several security researchers now believe the attacker exploited privileged contract permissions combined with poorly secured ownership logic. According to Web3 security platform Coinsult, the vulnerability may have involved a combination of fee-setting permissions and manipulated lock timing mechanisms. The firm explained:

"A privileged setFee plus a backdated lock turned "locked" deposits into a withdrawable balance. If your LP sits in an unverified & unaudited locker with a live (non-renounced, non-timelocked) owner, you should assume that owner can move it." Source

In simpler terms, the contracts users believed permanently locked their liquidity may still have contained administrative controls capable of overriding restrictions. That is one of the oldest and most dangerous risks in decentralized finance. Many users assume "locked liquidity" means funds are mathematically untouchable. But in practice, some older contracts still rely on ownership privileges, upgrade mechanisms or hidden functions that can bypass those protections. Investigators also pointed to dozens of ownership hops before the exploit wallet finally gained control. Tahax said roughly 80 separate transactions were used to obscure the ownership trail before the contract ultimately landed under the control of wallet "0xC45," which initiated the withdrawals. The attacker reportedly funded the exploit wallet through crypto exchange Bybit before draining the contracts. By the time investigators pieced together the ownership trail, portions of the funds had already been dispersed across multiple destinations. That has complicated recovery efforts and according to analysts, some of the stolen assets may already be effectively untraceable due to how they were moved afterward. The incident highlights a difficult reality for DeFi users. Old infrastructure often remains active long after communities stop paying attention to it. During bull markets, projects move fast, contracts get reused, and security practices are sometimes treated as secondary concerns. Years later, forgotten vulnerabilities can suddenly become active again.

READ MORE: Glassnode Warns Nearly 10% of Bitcoin Supply Faces Quantum Risk

DeFi Security Concerns Are Growing Again

The DxSale exploit arrives during another uneasy period for decentralized finance security. While crypto hacks slowed somewhat in May compared to April's massive losses, the broader trend remains troubling. According to DefiLlama data, DeFi exploits have already caused roughly $52 million in losses in May alone. That follows an even more severe April, where losses surged to approximately $634 million, marking one of the worst monthly periods for crypto exploits in more than a year. Overall, DefiLlama estimates crypto-related exploits have now surpassed $17 billion in cumulative losses, including around $7.8 billion tied directly to DeFi protocols. Those numbers continue to fuel debate about whether decentralized finance has become too complex and too risky for average users. Security concerns have grown even louder recently as AI tools become increasingly capable of identifying vulnerabilities inside smart contracts. Earlier this week, OpenZeppelin founder Manuel Aráoz sparked discussion across crypto communities after saying: "I now consider all of DeFi unsafe." His comment reflected growing fears that AI-assisted attackers may soon identify weaknesses faster than developers can patch them.

  Source 

The DxSale exploit fits directly into that concern. The attack did not rely on breaking cryptography or inventing a new blockchain exploit. Instead, it appears to have abused old contract architecture, weak operational controls and overlooked administrative permissions. Those are exactly the kinds of flaws AI-assisted analysis could increasingly uncover at scale. The exploit also serves as another reminder that "decentralized" does not always mean trustless. Many DeFi systems still contain centralized points of control hidden beneath the surface. If ownership is not renounced, timelocked or transparently audited, users may unknowingly rely on administrators they cannot see and when those systems are forgotten or poorly maintained, the risks compound over time. For many affected DxSale users, the exploit likely came as a shock because the liquidity had been considered safely locked for years. But the incident may now force many DeFi participants to reevaluate older contracts still holding dormant funds. Especially across chains like BNB Chain, where countless 2021-era projects and liquidity lockers still exist quietly in the background.

READ MORE: Iran War and AI Spending Could Push Bitcoin to $126K in 2026, Says Arthur Hayes

Related Topics

#DxSale#DxSale Hack#BNB Chain#Crypto news

About the Project

Crypto News

About the Author

Dhananjay Singh

Dhananjay Singh

Dhananjay Singh is a DeFi reporter at CotiNews covering the evolving decentralized finance landscape. His work focuses on developments within the Ethereum ecosystem and the growing COTI network. He holds a Bachelor’s degree in Political Science from the University of Delhi.

View all articles

Disclaimer

The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official stance of CotiNews or the COTI ecosystem. All content published on CotiNews is for informational and educational purposes only and should not be construed as financial, investment, legal, or technological advice. CotiNews is an independent publication and is not affiliated with coti.io, coti.foundation or its team. While we strive for accuracy, we do not guarantee the completeness or reliability of the information presented. Readers are strongly encouraged to do their own research (DYOR) before making any decisions based on the content provided. For corrections, feedback, or content takedown requests, please reach out to us at

contact@coti.news

Stay Ahead of the Chain

Subscribe to the CotiNews newsletter for weekly updates on COTI V2, ecosystem developments, builder insights, and deep dives into privacy tech and industry.
No spam. Just the alpha straight to your inbox.

We care about the protection of your data. Read our Privacy Policy.