The DLMC (Decentralized Legacy Management Corporation) token protocol on BNB Chain suffered a treasury drain of roughly $222,560 in USDT on June 24, 2026, according to multiple on-chain security monitoring services and independent researchers.
The incident, which unfolded at approximately 11:15 UTC in block 106091607, highlights persistent risks in DeFi projects that rely on internally calculated token prices without robust safeguards against flash loan manipulation.
The attack was first flagged publicly by security-focused accounts on X, including @Defi_Nerd_sec, @DefimonAlerts, and @TenArmorAlert. TenArmorAlert reported the loss at around $222.6K and linked the primary transaction on BscScan.
What is DLMC?
DLMC positions itself as a decentralized financial ecosystem focused on transparent, community-driven digital asset management powered by smart contracts. Marketed as the “world’s first AI-powered intelligent DeFi ecosystem,” the protocol emphasizes full automation, no central authority, and dynamic tokenomics where tokens are minted on buys and burned on sells.
Its website (dlmc.io) describes a system where the token price is calculated dynamically, reportedly using liquidity reserves divided by total supply. The smart contract is CertiK-verified, ownership has been renounced, and liquidity is claimed to be locked. The project promotes accessibility with low entry deposits and community governance.
Prior to the exploit, the project’s official X account had shared updates highlighting growth and the mint-burn model. The token operates on BNB Chain (BSC), leveraging its low fees and EVM compatibility, which is popular for DeFi experiments.
How the Attack Unfolded
According to detailed technical breakdowns from DeFi security researchers, the attacker exploited a combination of flash loan mechanics, the protocol’s internal “livePrice” calculation, and referral/DAO reward distribution.
The attacker began by flash-swapping approximately 1.42 million USDT from a PancakeSwap liquidity pair. Using helper contracts (registered under affiliate/referral accounts), they executed large buy transactions into the DLMC contract:
- One helper bought ~420,000 USDT worth of DLMC.
- A second helper, registered under the first, bought an additional ~1 million USDT worth.
These buys deposited substantial USDT into the DLMC contract’s reserves. Critically, the protocol’s buy function mints the majority of new DLMC tokens directly to the contract address itself (address(this)), rather than immediately circulating them externally.
The protocol’s _updatePrice() function then recalculates the livePrice as USDT reserves divided by the externally circulating DLMC supply (excluding tokens held by the contract and certain pre-mined or LP balances). This created a rapid inflation of the internal price—from roughly $0.41 USDT to nearly $25 USDT—because the numerator (reserves) surged while the denominator (circulating supply) did not increase proportionally.
The attacker then sold referral/DAO reward DLMC tokens (approximately 65,908 DLMC received by one helper) back into the contract at this artificially inflated price, draining nearly the entire USDT treasury (~1.646 million USDT extracted). After repaying the flash loan (~1.423 million USDT), the attacker retained a net profit of about $222,560 USDT, which was sent to a designated receiver address.
Key addresses identified include the attacker’s EOA (0x74c4a756933d0f713facb1dea325ef511646c3b1), the profit receiver (0x701bb7b460ae231dbbcfa3d87f0ab5b458429699), and the vulnerable DLMC contract (0xf2ca2a3572b26ae7c479dc7ae36d922113b1bdf2).
Root Cause: A Self-Referential Pricing Trap
The core vulnerability stems from the protocol’s design for self-pricing redemptions and rewards. By tying price directly to contract reserves while excluding freshly minted (but contract-held) tokens from the circulating supply denominator, flash-funded deposits could disproportionately influence the price upward. Referral rewards, which appear to be minted and immediately sellable, provided an efficient way to extract value at the manipulated price without needing to hold or sell large positions acquired at market rates.
This is a classic example of a bonding-curve or reserve-based pricing mechanism being gamed when combined with flash loans and reward systems that lack sufficient cooldowns, caps, or oracle-independent safeguards. Even though the contract was audited (CertiK verified), the specific interaction between deposit mechanics, price updates, and referral logic created an exploitable edge case.
Researchers emphasized in their analysis that protocols cannot safely price redemptions or rewards from treasury reserves if flash-funded actions can move the numerator while newly created liabilities remain excluded from the denominator.
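The accounting flaw described above, reduced to a small model so the effect can be measured: this is a constructed example added here, not DLMC's contract code, and the reserve and supply figures are round placeholder numbers rather than on-chain values. It compares the flawed denominator (contract-held mints excluded) with full-supply accounting, and shows the single-transaction impact cap that the mitigation section proposes.

```python
from dataclasses import dataclass


@dataclass
class ReserveToken:
    """Constructed model of a token priced from its own treasury reserves."""
    reserves: float             # USDT held by the contract
    circulating: float          # tokens held by external accounts
    contract_held: float = 0.0  # minted tokens parked at address(this)

    def price(self, count_contract_held: bool) -> float:
        # Flawed (False): tokens parked in the contract are left out of the
        # denominator, so a deposit inflates the numerator while the supply
        # it is divided by barely moves.
        # Hardened (True): every minted token is a claim on reserves, so it
        # belongs in the denominator whoever holds it.
        supply = self.circulating + (self.contract_held if count_contract_held else 0.0)
        return self.reserves / supply

    def buy(self, usdt: float, count_contract_held: bool, contract_share: float = 0.9) -> float:
        """Deposit USDT and mint at the pre-deposit price; most of the mint is
        parked in the contract, as the article describes for DLMC buys."""
        minted = usdt / self.price(count_contract_held)
        self.reserves += usdt
        self.contract_held += minted * contract_share
        self.circulating += minted * (1.0 - contract_share)
        return minted


def deposit_price_impact(usdt: float, count_contract_held: bool) -> tuple[float, float]:
    """Price before and after one large deposit into a fresh token
    (constructed: 1,000 USDT reserves backing 1,000 circulating tokens)."""
    token = ReserveToken(reserves=1_000.0, circulating=1_000.0)
    before = token.price(count_contract_held)
    token.buy(usdt, count_contract_held)
    return before, token.price(count_contract_held)


def within_single_tx_cap(before: float, after: float, cap: float = 0.10) -> bool:
    """Mitigation check: reject any transaction that moves the internal price
    by more than `cap` (10% here, an assumed threshold) in a single step."""
    return abs(after - before) / before <= cap


if __name__ == "__main__":
    for flag, label in ((False, "flawed"), (True, "full-supply")):
        b, a = deposit_price_impact(9_000.0, flag)
        print(f"{label:12s} price {b:.2f} -> {a:.2f}  cap ok: {within_single_tx_cap(b, a)}")
```

With full-supply accounting a deposit minted at the current price leaves the price unchanged, which is the invariant the flawed denominator breaks.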
Impact and Context in DeFi Security
The absolute loss of ~$222,600 is relatively modest compared to multi-million or billion-dollar exploits seen in 2026 (such as larger bridge or protocol drains earlier in the year). However, it underscores that even smaller or mid-tier projects with audited contracts remain targets when economic incentives align for attackers.
The project’s decentralized nature (renounced ownership) may complicate rapid response or patching, though the community-driven model could allow governance proposals if governance is still active.
This incident adds to a long list of DeFi exploits involving flash loans, price oracle manipulation (or self-oracles), and reward farming mechanics. It serves as a reminder that technical audits alone are insufficient without rigorous economic modeling and stress-testing against adversarial scenarios like flash loans.
Broader Implications
For users and the broader ecosystem, such events erode trust in innovative but complex tokenomic designs. Projects emphasizing “dynamic pricing,” mint-burn models, and referral incentives must implement additional protections—such as time-weighted average prices (TWAP), external oracles for key valuations, sell cooldowns on rewards, or caps on single-transaction impacts.
Investors and participants in similar protocols are advised to review smart contract code (where possible), monitor on-chain activity via tools like BscScan or security dashboards, and diversify exposure. As DeFi evolves toward more sophisticated mechanisms, the DLMC incident is a timely case study in the importance of aligning technical implementation with robust economic security principles. The crypto community will be watching for any updates from the DLMC project and whether similar vulnerabilities exist in other reserve-driven or referral-heavy protocols.