Headline: DxSale liquidity locker drained of $7.3M in BNB after attacker exploits hidden backdoor

Summary: A long-dormant DxSale liquidity locker on BNB Chain was emptied for roughly $7.3 million in BNB after an attacker allegedly leveraged a hidden backdoor and privileged contract functions to withdraw funds that had been locked since the platform’s heyday in 2021. More than 1,400 liquidity providers were impacted.

What happened
- Security firm PeckShield and independent analysts say an attacker moved roughly $1.87 million in BNB from the exploited contracts into two primary wallets before routing funds to multiple Binance deposit addresses. Overall outflows total about $7.3M.
- The affected liquidity had been locked in DxSale contracts since 2021, when DxSale was widely used for token launches on BNB Chain.

How the exploit appears to have worked
- Early on-chain analysis from blockchain investigator Tahax and Web3 security firm Coinsult points to a combination of factors: a privileged contract function, a manipulated (backdated) lock period, and what analysts describe as a deployer backdoor or ownership change introduced months before the attack.
- Coinsult says a recently deployed "drainer" contract hardcoded the targeted locker and WBNB routing, gated functions, and used an administrative mechanism (reported as a setFee function) plus a backdated lock configuration to repeatedly treat locked funds as withdrawable balances.
- Tahax’s tracing indicates control of the relevant contracts was passed through more than 80 transactions and several wallets before ending up at an address that executed the large-scale withdrawals. Analysts also flagged that the exploiter’s wallet was newly created and initially funded via Bybit.

Tracing and laundering
- By the time the attack path was reconstructed, portions of the proceeds had been mixed through services and bots (analysts noted activity resembling AnySwap bot mixing), complicating on-chain tracing and recovery efforts.

Context — a bad month for DeFi security
- The DxSale breach comes amid a spike in DeFi incidents. DefiLlama shows about $52M lost to exploits so far in May after roughly $634M in April — April being the largest monthly total since February 2025.
- Other recent incidents include:
  - Stake DAO on Arbitrum: an attacker allegedly minted over 5.4 trillion vsdCRV (vote-boosted sdCRV) and started swapping for ETH; the team has urged users not to interact with the asset while investigations continue.
  - Wasabi Protocol: losses exceeding $5M after a compromised administrative key allowed attackers to upgrade contracts and drain funds across Ethereum, Base, Berachain, and Blast.

Expert take and implications
- Manuel Aráoz, co-founder of OpenZeppelin, has warned that AI-assisted vulnerability discovery tools are accelerating the pace at which attackers find exploitable code, increasing systemic risk across DeFi.
- DefiLlama’s cumulative tally of crypto exploits now exceeds $17 billion, including roughly $7.8 billion taken from DeFi protocols — underscoring continuing fragility in smart-contract tooling, audits, and operational security.

What this means for users
- Liquidity providers with long-locked positions should review contract ownership and upgradeability settings before committing funds.
- Users should avoid interacting with any suspicious tokens tied to incidents and follow official project channels for alerts.
- As always, diversify risk, favor well-audited contracts, and consider limiting exposure to evergreen or administrative privileges that could be abused.

Investigations are ongoing. Security firms and on-chain analysts continue to trace flows and assess whether any portion of the stolen funds can be recovered.
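
The advice above to review contract ownership and upgradeability settings, shown as an added example that is not from the article, the analysts or DxSale: a read-only check of who holds privileged control over a locker-style contract. It assumes an Ownable-style owner() and EIP-1967 proxy storage slots (neither is confirmed for the DxSale locker); the rpc callable, fake_rpc and all addresses are constructed for the example.

```python
# Pre-deposit privilege check for a locker-style contract (read-only calls).
# Assumptions: Ownable-style owner() and EIP-1967 proxy slots; sample addresses
# and the fake_rpc transport below are constructed for this example.
OWNER_SELECTOR = "0x8da5cb5b"  # first 4 bytes of keccak256("owner()")
EIP1967_IMPL = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
EIP1967_ADMIN = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"
ZERO = "0x" + "00" * 20


def word_to_address(word):
    """Low 20 bytes of a 32-byte hex word; None or empty maps to the zero address."""
    return "0x" + (word or "0x")[2:].rjust(64, "0")[-40:].lower()


def audit_privileges(rpc, contract):
    """rpc(method, params) returns a hex string, or None if the call reverts."""
    owner = word_to_address(rpc("eth_call", [{"to": contract, "data": OWNER_SELECTOR}, "latest"]))
    impl = word_to_address(rpc("eth_getStorageAt", [contract, EIP1967_IMPL, "latest"]))
    admin = word_to_address(rpc("eth_getStorageAt", [contract, EIP1967_ADMIN, "latest"]))
    findings = []
    if owner != ZERO:
        # An owner address without bytecode is a single private key, not a multisig.
        has_code = rpc("eth_getCode", [owner, "latest"]) not in (None, "", "0x")
        kind = "contract, check for multisig or timelock" if has_code else "single key (EOA)"
        findings.append(f"owner {owner}: {kind}")
    if impl != ZERO:
        # A populated implementation slot means the logic can be swapped by the admin.
        findings.append(f"upgradeable proxy: implementation {impl}, admin {admin}")
    return {"owner": owner, "implementation": impl, "admin": admin, "findings": findings}


LOCKER, OWNER, IMPL, ADMIN = ("0x" + b * 20 for b in ("11", "22", "33", "44"))


def fake_rpc(method, params):
    """Constructed offline stand-in for a JSON-RPC endpoint."""
    if method == "eth_call":
        return "0x" + OWNER[2:].rjust(64, "0")
    if method == "eth_getStorageAt":
        value = {EIP1967_IMPL: IMPL, EIP1967_ADMIN: ADMIN}[params[1]]
        return "0x" + value[2:].rjust(64, "0")
    return "0x"  # eth_getCode: no bytecode at the owner address


if __name__ == "__main__":
    for finding in audit_privileges(fake_rpc, LOCKER)["findings"]:
        print(finding)
```

An empty findings list only means these two conventions were not detected; privileged functions under other names still require reading the verified source.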