Memecoin launch platform DxSale was drained of $7.3 million in funds in a cyberattack that affected around 1,400 liquidity providers (LPs) on the BNB Chain.
The attacker’s address “0xC457” transferred $1.87 million worth of BNB (BNB) tokens into two main wallets and subsequently deposited them into multiple Binance deposit addresses, according to blockchain data platform PeckShield in a Friday X post.
Back in 2021, DxSale was used to lock in liquidity for tokens launched on the BNB Chain. Blockchain analyst Tahax estimated that the locker still holds liquidity from projects launched years ago and explained that the exploiter wallet was freshly created and funded through crypto exchange Bybit.
The exploit adds to the renewed concerns around decentralized finance (DeFi) hacks, which have stolen $52 million so far in May, down from $634 million in April, which marked an over one-year high last seen in February 2025, according to data aggregator DefiLlama.
Mounting cyberattacks have led to widespread concerns about whether the wider DeFi sector is unsafe, partly due to the growing use of AI by malicious actors. “I now consider *all* of DeFi unsafe,” Manuel Aráoz, founder of the blockchain security platform OpenZeppelin, said on Tuesday, citing AI’s growing ability to identify smart contract vulnerabilities.
Source: PeckShield
DxSale stolen funds are already untraceable: onchain analyst
The attacker has already moved some funds through infrastructure that may make tracing more difficult, according to Tahax.
The analyst said that the DxSale deployer quietly transferred ownership of the locker contract to a new wallet 269 days ago, alleging that a “backdoor was left in” without an official migration announcement.
Source: Tahax
The analyst pointed to onchain evidence of another 80 transactions that executed subsequent ownership hops for obfuscation, before contract ownership landed at wallet ‘0xC45,’ which started the mass BNB withdrawals.
Related: Mystery Bitcoin burn destroys 107 BTC worth about $8.5M
The backdoor in the deployer contract, paired with a backdated lock, enabled the hacker to exploit withdrawal loops and extract the BNB tokens, wrote Web3 security platform Coinsult, in a Friday X post, adding:
“A privileged setFee plus a backdated lock turned ‘locked’ deposits into a withdrawable balance.”
Cointelegraph has approached DxSale for comment on the exploit and the final number of affected liquidity providers.
The exploit adds to more than $17 billion in crypto exploit losses tracked by DefiLlama, including about $7.8 billion from DeFi protocols.
Magazine: Agent wastes 14 hours of scammers’ time, LLMs ‘poisoned’ by Iran: AI Eye
