The DeFi platform DxSale, once a go-to launchpad and liquidity locker for BNB Chain memecoins, suffered a devastating exploit that siphoned approximately $7.3 million from more than 1,400 liquidity providers. The attack targeted legacy lockers containing funds tied to projects launched years ago, proving that dormant contracts can still be live liabilities.
On-chain data from PeckShield shows the attacker address 0xC4574DDEF299e7E563971e200433e592EeaaFA69 moved 2,958 BNB (roughly $1.87M) to two main wallets before depositing into multiple Binance deposit addresses. Analyst Tahax warned that the money trail was quickly becoming harder to follow, reducing chances of recovery.
The exploit did not appear out of nowhere. Investigations revealed that 269 days before the drain, the DxSale deployer quietly transferred ownership of the locker contract to a new wallet without any public migration notice. Over time, ownership was moved through about 80 separate transactions designed to obscure control. Two days before the attack, all rights were consolidated into wallet 0xC457, which then initiated mass withdrawals.
Security firm Coinsult detailed the technical execution: the attacker used a privileged setFee function to reduce the locking fee to 1 wei, then backdated the lock expiration to the Unix epoch (effectively 68 seconds), turning “locked” deposits into withdrawable balances. After disabling protection, the attacker repeatedly called withdrawal functions, converting tokens to WBNB and BNB before routing them through obfuscation layers.
The incident underscores a structural weakness in systems where “locked” liquidity depends on adjustable admin parameters rather than immutable code. With May already recording $52M in DeFi hacks and April’s $634M surge, the DxSale case renews alarms over AI-assisted vulnerability discovery and the risks of forgotten infrastructure.
