DxSale was hacked for $7.3 million due to a security flaw in one of its smart contracts. An attacker exploited a hidden backdoor to withdraw BNB cryptocurrency that was locked by over 1,400 users on the BNB Chain.
Summary
- DxSale lost $7.3 million in a BNB Chain exploit affecting roughly 1,400 liquidity providers.
- Researchers linked the attack to a hidden contract backdoor and a previously undisclosed ownership transfer.
- The incident follows a wave of DeFi exploits, with protocols losing $52 million to hacks so far in May.
Security firm PeckShield reports that the hacker behind a recent attack transferred around $1.87 million in BNB to two main wallets. From there, the funds were distributed to several deposit addresses linked to Binance.
As a crypto investor, I was pretty concerned to learn about the recent issue with DxSale. It seems some liquidity – money that was locked up in their contracts from token launches way back in 2021 on BNB Chain – was affected. Basically, funds from those older launches were impacted, and that’s never a good sign.
Initial investigations by blockchain analyst Tahax indicate the recent attack might have stemmed from a change in contract ownership that happened several months ago.
🚨 Urgent: DxSale has withdrawn approximately $7.3 million from original liquidity providers on the BNB Chain.
DxSale was a major liquidity locker in 2021, holding hundreds of millions of dollars, including funds from projects like SAFEMOON.
The team is now seemingly using Anyswap to mix the stolen funds, making them difficult to trace.
— Tahax (@Tahax1) May 28, 2026
Digging deeper into the ownership trail, Tahax found over 80 transactions were used to move control between different digital wallets. Eventually, control landed with a wallet labeled “0xC45,” which then carried out the significant BNB withdrawals.
The analyst also pointed out that the wallet used by the hacker was recently created and first received funds from the cryptocurrency exchange Bybit.
Researchers point to contract-level weakness
Security firm Coinsult investigated further and found the issue stemmed from a specific function within the system and a change to how long funds were locked. They determined this combination mistakenly allowed users to withdraw funds that were meant to be held.
We’ve investigated the recent concerns about a potential ‘backdoor’ in the DxSale locker. Here’s what we found: The malicious contract (address: 0xc2efbd94…01e4718) was deployed about 9 hours ago by 0xC4574DD…aaFA69. It’s unverified and uses the Solidity compiler version 0.8.33. This contract is designed to drain funds by permanently locking the victim’s locker and using WBNB for transaction routing, effectively blocking access to all functions.
— Coinsult – Audits & Development (@CoinsultAudits) May 28, 2026
According to the security firm, a combination of a special setting called “setFee” and an older lock setting allowed attackers to repeatedly withdraw funds, eventually emptying the BNB reserves. Another researcher, Tahax, claims a hidden vulnerability was intentionally left in the contract that deployed the system, which made the attack possible.
According to Tahax, by the time investigators figured out how the attackers gained access, some of the stolen money had already been transferred through systems that could make it difficult to follow the funds.
DeFi security concerns grow after recent attacks
This new security problem comes as decentralized finance platforms keep experiencing attacks on various networks.
According to data from DefiLlama, decentralized finance (DeFi) protocols have experienced around $52 million in losses due to security breaches in May. This follows a significantly higher $634 million lost in April, marking the largest monthly total since February 2025.
This week, concerns about security increased after Stake DAO revealed a problem with its sdCRV token on Arbitrum. According to Blockaid, a blockchain security firm, someone created over 5.4 trillion fake vsdCRV tokens and started trading them for Ethereum. Stake DAO has advised users to avoid the token while the issue is investigated on both Arbitrum and Ethereum.
Wasabi Protocol lost over $5 million due to a security breach. Attackers gained access through a compromised administrative key and were able to manipulate the system to steal funds on Ethereum, Base, Berachain, and Blast networks.
Following a series of recent security breaches, OpenZeppelin co-founder Manuel Aráoz cautioned that improvements in AI-powered tools for finding weaknesses in code are simplifying the process of launching attacks.
As crypto.news previously reported, Aráoz now believes the entire decentralized finance (DeFi) space is risky. He explained that attackers are getting better at finding flaws in software code before developers have a chance to fix them.
Data from DefiLlama shows that cryptocurrency hacks and exploits have caused over $17 billion in losses overall, with about $7.8 billion of that coming specifically from attacks on decentralized finance (DeFi) platforms.
2026-05-29 14:47