Memecoin launch platform DxSale lost $7.3 million in a cyberattack hitting about 1,400 liquidity provider positions on the BNB Chain, blockchain security firm PeckShield reported Friday.
The exploit adds to a growing wave of decentralized finance thefts that have drained over $52 million in May. It comes amid heightened scrutiny of DeFi security after industry figures warned that AI-powered attacks are making the sector fundamentally unsafe.
## How the Exploit Unfolded
The attacker’s address, identified as “0xC457,” moved $1.87 million worth of BNB tokens into two primary wallets before depositing funds into multiple Binance deposit addresses, according to PeckShield’s analysis posted on X.
Blockchain analyst Tahax, who tracked the exploit, noted the exploiter wallet was freshly created and funded through crypto exchange Bybit, suggesting careful preparation.
DxSale was originally used as a liquidity locker for tokens launched on the BNB Chain during the 2021 bull market. Tahax estimated the locker still holds liquidity from projects launched years ago, meaning many affected positions may have been long-forgotten by their original creators.
## Suspicious Ownership Transfer
A key detail uncovered by on-chain analysis: the DxSale deployer quietly transferred ownership of the locker contract to a new wallet 269 days before the attack. Tahax alleged that “a backdoor was left in” without any official migration announcement to users.
The analyst pointed to evidence of 80 additional transactions executed through the same mechanism, suggesting the exploitation was methodical and planned over an extended period.
The attacker has already begun moving funds through infrastructure designed to hide the trail, making recovery unlikely.
## DeFi Security Under Pressure
The DxSale incident comes as DeFi security faces its most serious reputational challenge since the 2022 market crash. Data aggregator DefiLlama shows May’s $52 million in losses, down sharply from April’s $634 million, still continues a worrying trend. April was the worst single month since February 2025.
April’s staggering losses were driven by multiple high-profile incidents, including what some analysts believe was the first major AI-coordinated DeFi exploit. The concentration of losses in a single calendar month suggests sustained or coordinated attacker activity rather than isolated opportunistic hacks.
Manuel Araoz, founder of blockchain security platform OpenZeppelin, made headlines this week by declaring he now considers “all of DeFi unsafe” due to AI’s growing ability to identify smart contract vulnerabilities at scale.
## What This Means for BNB Chain Projects
The DxSale exploit highlights specific vulnerabilities in liquidity locker contracts — smart contracts designed to lock tokens for a set period to prevent rug pulls. A contract having its ownership transferred without community notice raises questions about governance transparency across BNB Chain’s DeFi ecosystem.
Projects that used DxSale for liquidity locking may need to verify whether their positions remain secure. The exploit appears to have targeted the locker contract itself rather than individual project tokens.
The incident also raises questions about the due diligence platforms perform when selecting liquidity infrastructure. DxSale was widely used during the 2021-2022 cycle, and its continued activity demonstrates how legacy smart contract risk persists long after initial deployment.
## FAQ
**How much was stolen in the DxSale exploit?**
$7.3 million was drained across 1,400 liquidity provider positions on the BNB Chain.
**Was the DxSale exploit a hack or inside job?**
On-chain analysis shows the contract ownership was quietly transferred 269 days before the exploit, and the attacker’s wallet was freshly funded through Bybit. The exact nature is still being investigated.
**What should DxSale users do?**
Users who locked liquidity through DxSale should verify their positions. The exploit affected the locker contract itself, which may have implications for any project that used the platform.
*Sources: PeckShield, Tahax (on-chain analysis), DefiLlama, CoinTelegraph*
