DxSale Drained of $7.3M in BNB Chain Cyberattack

TL;DR:

• DxSale was drained of about $7.3M on BNB Chain, affecting around 1,400 liquidity providers tied to old memecoin liquidity lockers.
• PeckShield tracked $1.87M in BNB moving into two wallets and multiple Binance deposit addresses, while analysts warned tracing was becoming harder.
• Tahax alleged ownership changes and a backdoor, while Coinsult pointed to privileged setFee access and a backdated lock enabling withdrawals from supposedly locked deposits across affected pools very quickly.

DxSale’s BNB Chain liquidity locker has become the latest reminder that DeFi risk does not expire just because a product fades from the front page. The memecoin launch platform was drained of about $7.3M in a cyberattack affecting around 1,400 liquidity providers. The unsettling detail is that legacy liquidity became the target, with funds tied to projects launched years ago still sitting inside contracts that attackers could allegedly manipulate. For traders and project teams, the incident turns forgotten infrastructure into an active balance-sheet risk rather than historical technical baggage.

#PeckShieldAlert Tahax reported that @DxSale was drained ~$7.3M from 1,400 @BNBCHAIN LPs.

The address 0xC457…FA69 transferred a total of 2,958 $BNB (~$1.87M) to 2 main wallets, and subsequently deposited to multiple #Binance deposit addresses. pic.twitter.com/mQRO3zwuBT

— PeckShieldAlert (@PeckShieldAlert) May 29, 2026

The attack centered on BNB withdrawals from DxSale-linked liquidity pools. Blockchain data cited by PeckShield showed the attacker address, identified as 0xC457, transferred $1.87M worth of BNB into two main wallets before depositing funds into multiple Binance deposit addresses. The money trail quickly became harder to follow, according to onchain analyst Tahax, who said some funds had already moved through infrastructure that could complicate tracing. That speed matters because recovery odds often shrink once stolen assets disperse across exchange deposits, intermediary wallets and obfuscation routes.

Old locker contracts return as a DeFi liability

The deeper concern is how the exploit reportedly became possible. Tahax said the DxSale deployer quietly transferred ownership of the locker contract to a new wallet 269 days earlier, alleging that a backdoor remained without an official migration announcement. The analyst also pointed to another 80 transactions that executed later ownership hops for obfuscation before ownership landed at wallet 0xC45, which began mass BNB withdrawals. The alleged ownership chain makes governance opacity central, because users may have believed liquidity was locked while contract control had effectively shifted behind the scenes.

Security firm Coinsult described the exploit as involving a privileged setFee function and a backdated lock that turned locked deposits into a withdrawable balance. The DxSale case lands during another difficult month for DeFi security, with hacks stealing $52M so far in May after April’s $634M surge, the highest monthly level in more than a year. The broader signal is that dormant contracts can still create live losses, especially as the sector faces renewed warnings over AI-assisted vulnerability discovery, old codebases and weak migration disclosures. For LPs, the immediate question is not only how $7.3M left, but how many other forgotten lockers still carry similar operational risk.