{"id":30149,"date":"2026-05-29T11:22:25","date_gmt":"2026-05-29T11:22:25","guid":{"rendered":"https:\/\/bitunikey.com\/news\/dxsale-exploit-drains-7-3m-in-bnb-through-hidden-contract-backdoor\/"},"modified":"2026-05-29T11:22:34","modified_gmt":"2026-05-29T11:22:34","slug":"dxsale-exploit-drains-7-3m-in-bnb-through-hidden-contract-backdoor","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/dxsale-exploit-drains-7-3m-in-bnb-through-hidden-contract-backdoor\/","title":{"rendered":"DxSale exploit drains $7.3M in BNB through hidden contract backdoor"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">DxSale has suffered a $7.3 million exploit after an attacker allegedly used a hidden backdoor in a liquidity locker contract to withdraw BNB locked by more than 1,400 liquidity providers on the BNB Chain.<\/p>\n<div id=\"cn-block-summary-block_43a39f53080d370a1d48a117baa0e041\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>DxSale lost $7.3 million in a BNB Chain exploit affecting roughly 1,400 liquidity providers.<\/li>\n<li>Researchers linked the attack to a hidden contract backdoor and a previously undisclosed ownership transfer.<\/li>\n<li>The incident follows a wave of DeFi exploits, with protocols losing $52 million to hacks so far in May.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/PeckShieldAlert\/status\/2060188553079054351\" target=\"_blank\" rel=\"nofollow\">According<\/a> to blockchain security firm PeckShield, the attacker-controlled address \u201c0xC457\u201d moved approximately $1.87 million worth of BNB into two primary wallets before sending the funds to multiple deposit addresses associated with Binance.<\/p>\n<p>The 
incident affected liquidity that had remained locked in DxSale contracts since the platform was widely used for token launches on BNB Chain in 2021.<\/p>\n<p>Early findings from blockchain analyst Tahax suggest the exploit may have originated from a contract ownership change that took place months before the attack.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8 BREAKING: <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/dxsale?ref_src=twsrc%5Etfw\">@DxSale<\/a> just drained ~$7.3M from OG <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/BNBCHAIN?ref_src=twsrc%5Etfw\">@BNBCHAIN<\/a> LPs<\/p>\n<p>DxSale ran the largest liquidity locker of 2021. Hundreds of millions sat inside it. Even <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/search?q=%24SAFEMOON&amp;src=ctag&amp;ref_src=twsrc%5Etfw\">$SAFEMOON<\/a> was locked here<\/p>\n<p>The team is now mixing the funds through what looks like <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/AnySwapBot?ref_src=twsrc%5Etfw\">@anyswapbot<\/a>, and funds are now untraceable <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/wYOv7LsIS0\">pic.twitter.com\/wYOv7LsIS0<\/a><\/p>\n<p>\u2014 Tahax (@Tahax1) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/Tahax1\/status\/2060003698651087205?ref_src=twsrc%5Etfw\">May 28, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>Tracing the ownership history further, Tahax said more than 80 additional transactions were used to pass control between wallets before it eventually reached the address identified as \u201c0xC457,\u201d which later executed the large-scale BNB withdrawals.<\/p>\n<p>The analyst also noted that the 
exploiter wallet was newly created and initially funded through crypto exchange Bybit.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h2 class=\"wp-block-heading\">Researchers point to contract-level weakness<\/h2>\n<p>Additional analysis from Web3 security firm Coinsult linked the exploit to a privileged contract function and a manipulated lock period. According to Coinsult, the combination allowed funds that were supposed to remain locked to be treated as withdrawable balances.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\u2757 About that DxSale locker &#8216;backdoor&#8217;, we have analysed it on-chain. Here is our take:<\/p>\n<p>The drainer: 0xc2efbd94\u202601e4718, unverified, solc 0.8.33, deployed ~9h ago by 0xC4574DD\u2026aaFA69. It hardcodes the victim locker as an immutable + WBNB for routing, and gates every function\u2026 <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/POq7z2C8Pp\">https:\/\/t.co\/POq7z2C8Pp<\/a><\/p>\n<p>\u2014 Coinsult \u2013 Audits &amp; Development (@CoinsultAudits) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/CoinsultAudits\/status\/2060015934153146757?ref_src=twsrc%5Etfw\">May 28, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>The security firm said a privileged \u201csetFee\u201d mechanism, combined with a backdated lock configuration, enabled repeated withdrawal actions that ultimately drained the BNB reserves. 
Tahax separately alleged that a backdoor had been left in the deployer contract, creating conditions for the exploit.<\/p>\n<p>By the time investigators identified the attack path, some of the stolen funds had already moved through infrastructure that may complicate tracking efforts, according to Tahax.<\/p>\n<h2 class=\"wp-block-heading\">DeFi security concerns grow after recent attacks<\/h2>\n<p>The latest breach arrives as decentralized finance platforms continue to face security incidents across multiple networks.<\/p>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/defillama.com\/hacks?time=1y\" target=\"_blank\" rel=\"nofollow\">Data<\/a> from DefiLlama shows DeFi protocols have lost about $52 million to exploits so far in May, following roughly $634 million in losses recorded during April, the highest monthly total since February 2025.<\/p>\n<p>Security concerns intensified this week after Stake DAO disclosed an exploit involving its vote-boosted sdCRV token on Arbitrum. 
Blockchain security company Blockaid reported that an attacker minted more than 5.4 trillion vsdCRV tokens and began exchanging them for ETH, while Stake DAO urged users not to interact with the asset as investigators tracked transactions across Arbitrum and Ethereum.<\/p>\n<p>Elsewhere, Wasabi Protocol reported losses exceeding $5 million after a compromised administrative key allowed attackers to upgrade contracts and drain funds across Ethereum, Base, Berachain, and Blast.<\/p>\n<p>Amid the recent string of incidents, OpenZeppelin co-founder Manuel Ar\u00e1oz warned that advances in AI-assisted vulnerability discovery are making attacks easier to execute.<\/p>\n<p>In comments cited earlier by crypto.news, Ar\u00e1oz said he now considers \u201call of DeFi\u201d unsafe because attackers increasingly have access to powerful tools that can identify software weaknesses before developers can patch them.<\/p>\n<p>According to DefiLlama, crypto exploits have resulted in more than $17 billion in cumulative losses, including roughly $7.8 billion stolen from DeFi protocols alone.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>DxSale has suffered a $7.3 million exploit after an attacker allegedly used a hidden backdoor in a liquidity locker contract to withdraw BNB locked by more than 1,400 liquidity 
providers&hellip;<\/p>\n","protected":false},"author":1,"featured_media":30150,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-30149","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/30149","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=30149"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/30149\/revisions"}],"predecessor-version":[{"id":30151,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/30149\/revisions\/30151"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/30150"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=30149"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=30149"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=30149"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}