DxSale exploit drains $7.3M in BNB through hidden contract backdoor

DxSale has suffered a $7.3 million exploit after an attacker allegedly used a hidden backdoor in a liquidity locker contract to withdraw BNB locked by more than 1,400 liquidity providers on the BNB Chain.

According to blockchain security firm PeckShield, the attacker-controlled address “0xC457” moved approximately $1.87 million worth of BNB into two primary wallets before sending the funds to multiple deposit addresses associated with Binance.

The incident affected liquidity that had remained locked in DxSale contracts since the platform was widely used for token launches on BNB Chain in 2021.

Early findings from blockchain analyst Tahax suggest the exploit may have originated from a contract ownership change that took place months before the attack.

Tracing the ownership history further, Tahax said more than 80 additional transactions were used to pass control between wallets before it eventually reached the address identified as “0xC45,” which later executed the large-scale BNB withdrawals.

The analyst also noted that the exploiter wallet was newly created and initially funded through crypto exchange Bybit.

Researchers point to contract-level weakness

Additional analysis from Web3 security firm Coinsult linked the exploit to a privileged contract function and a manipulated lock period. According to Coinsult, the combination allowed funds that were supposed to remain locked to be treated as withdrawable balances.

The security firm said a privileged “setFee” mechanism, combined with a backdated lock configuration, enabled repeated withdrawal actions that ultimately drained the BNB reserves. Tahax separately alleged that a backdoor had been left in the deployer contract, creating conditions for the exploit.

By the time investigators identified the attack path, some of the stolen funds had already moved through infrastructure that may complicate tracking efforts, according to Tahax.

DeFi security concerns grow after recent attacks 

The latest breach arrives as decentralized finance platforms continue to face security incidents across multiple networks.

Data from DefiLlama shows DeFi protocols have lost about $52 million to exploits so far in May, following roughly $634 million in losses recorded during April, the highest monthly total since February 2025.

Security concerns intensified this week after Stake DAO disclosed an exploit involving its vote-boosted sdCRV token on Arbitrum. Blockchain security company Blockaid reported that an attacker minted more than 5.4 trillion vsdCRV tokens and began exchanging them for ETH, while Stake DAO urged users not to interact with the asset as investigators tracked transactions across Arbitrum and Ethereum.

Elsewhere, Wasabi Protocol reported losses exceeding $5 million after a compromised administrative key allowed attackers to upgrade contracts and drain funds across Ethereum, Base, Berachain, and Blast.

Amid the recent string of incidents, OpenZeppelin co-founder Manuel Aráoz warned that advances in AI-assisted vulnerability discovery are making attacks easier to execute.

In comments cited earlier by crypto.news, Aráoz said he now considers “all of DeFi” unsafe because attackers increasingly have access to powerful tools that can identify software weaknesses before developers can patch them.

According to DefiLlama, crypto exploits have resulted in more than $17 billion in cumulative losses, including roughly $7.8 billion stolen from DeFi protocols alone.