TLDR
- DxSale’s legacy liquidity locker on BNB Chain suffered a $7.3 million exploit.
- Attackers reportedly targeted more than 1,400 old liquidity pools linked to DxSale contracts.
- Investigators traced 2,958 BNB from the attacker address to two main wallets.
- Tahax reported that DxSale locker ownership moved through around 89 wallets before the attack.
- Eyeonchain reported older backdoor claims tied to unlocking old DxSale LP positions.
DxSale’s legacy liquidity locker on BNB Chain suffered a $7.3 million exploit across old liquidity positions. On-chain investigators reported that attackers targeted more than 1,400 liquidity pools linked to outdated locker contracts. The incident has raised fresh questions around contract ownership changes, old DeFi infrastructure, and possible insider-level access.
Attackers Drain Old DxSale Liquidity Pools
Blockchain security firm PeckShield and on-chain analyst Tahax reported the exploit on DxSale’s legacy locker contracts. The attackers drained assets from old liquidity provider positions that remained locked on BNB Chain. DxSale gained wide use during the early BNB Chain token boom. Many memecoin projects used the platform to lock LP tokens and assure token holders.
Several of those contracts dated back to the 2021 market cycle. Many positions stayed untouched for years, which left substantial liquidity inside older contract structures. Investigators traced the primary attacker address to several post-exploit transactions. The address moved 2,958 BNB, worth about $1.87 million, to two main wallets.
The funds then moved through routes linked to multiple Binance deposit addresses. Separate tracking also showed swaps and mixer-related activity, including AnySwap routes. Researchers reported that the attackers used custom contracts to drain liquidity in batches. They also manipulated unlock timestamps and reduced fees close to zero.
Ownership Transfers Raise Questions
Tahax reported that DxSale’s deployer moved ownership of the legacy locker contract in August 2025. That transfer happened about 269 days before the attack. The migration did not come with a public statement from DxSale, according to the investigation. Ownership then moved through around 89 fresh wallets before reaching a new address.
That final address received funding through Bybit and bridge activity shortly before the main drain. Researchers linked this funding pattern to the later attack flow. Tahax described the wallet movement as an attempt to hide the trail. “Each hop adds plausible deniability,” the investigator wrote in a post on X.
The exploit centered on an unverified locked contract with a permission issue. The attackers used that weakness to create new locks on already locked positions. Community researchers also pointed to older claims of internal access. In August 2025, a user reportedly shared screenshots of a Telegram service offering to unlock old DxSale LPs.
Backdoor Claims Add Pressure on DxSale
On-chain investigator Eyeonchain reported that the Telegram operator claimed links to the DxSale team. The person allegedly offered to unlock LPs from projects launched before late 2021. The operator reportedly asked for a 20% cut from recovered funds. The only stated condition involved access to the original wallet used during the DxSale launch.
Eyeonchain wrote that the latest exploit made the old claims appear more relevant. He also raised the possibility of insider-level knowledge behind the attack. DxSale had not issued an official public response across its social channels in the reports reviewed. The silence added attention to the ownership trail and contract design.
The incident follows other recent DeFi exploits across wallets, bridges, and staking platforms. StablR, SquidRouterModule, Kelp DAO, and Drift Protocol also faced large reported losses. Security researchers linked the DxSale incident to risks in older DeFi systems. They pointed to missing timelocks, weak ownership controls, and outdated monitoring around legacy contracts. Experts advised users with old DxSale LP positions to review their contracts on BscScan. They also urged projects to withdraw accessible funds and move remaining assets to audited locking tools.
The post DxSale Legacy Locker Exploit Drains $7.3M From BNB Chain Pools appeared first on Blockonomi.
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.