Blockchain security firm PeckShield has raised the alarm over a major exploit targeting legacy liquidity locker contracts of DxSale on BNB Chain.
According to on-chain analyst Tahax and the official PeckShieldAlert account, attackers successfully drained around $7.3 million in value from more than 1,400 old liquidity provider positions that were locked in outdated DxSale contracts.
The primary attacker address 0xC4574DDEF299e7E563971e200433e592EeaaFA69 transferred a total of 2,958 BNB, worth approximately $1.87 million at current prices, to two main wallets. These funds were subsequently routed and deposited into multiple Binance deposit addresses.
Exploit background and impact
DxSale was once a widely used liquidity locking platform in the early days of the BNB Chain ecosystem, especially popular among memecoin projects and tokens like SafeMoon for locking LP tokens to assure investors and prevent rug pulls. Many of these legacy contracts from the 2021 period had remained untouched with substantial locked assets until now.
The attack involved ownership transfers on several old locker contracts followed by sophisticated draining techniques. The attacker manipulated unlock timestamps, reduced fees to near zero, and executed batch withdrawals across hundreds of liquidity pools in a highly efficient manner using custom contracts.
Signs of possible insider involvement
Community researchers have pointed out several suspicious signs that suggest possible insider involvement.
These include earlier offers on Telegram channels claiming internal access to unlock old DxSale LPs as far back as August 2025, a transfer of 104 BNB to the attacker wallet from Bybit roughly 20 hours before the main drain, and the complete silence from the DxSale team across all their social channels with no official statement or response issued so far.
This incident echoes a previous 2023 vulnerability disclosure by Decurity that highlighted risks in DxSale’s locking mechanisms.
Security lessons and recommendations
This incident highlights the ongoing risks associated with outdated DeFi infrastructure that lacks modern security features such as proper timelocks, multisignature controls, or monitoring for ownership changes.
Many early BNB Chain projects and users who still have LP tokens locked in these older DxSale contracts from 2021 and 2022 are advised to immediately check their positions on BscScan and withdraw any accessible funds. Experts strongly recommend migrating any remaining assets to more secure and audited locking solutions.
The Crypto Times will continue to monitor the situation closely for any further on-chain developments, responses from DxSale, or updates regarding the drained funds on Binance. This event serves as a stark reminder for all DeFi participants to review and update their legacy positions and always practice rigorous due diligence when dealing with older smart contracts.
Also Read: Stake DAO Exploited as Hacker Mints 5.4 Trillion Fake vsdCRV
