DxSale Liquidity Lockers Drained of $7.3 Million on BNB Chain

A major security breach has hit DxSale, one of the most widely used liquidity locking platforms from the 2021 bull market. Attackers drained approximately $7.3 million in assets from over 1,400 legacy liquidity pools on the BNB Chain. This incident raises serious questions about the long-term safety of older DeFi infrastructure that many projects and investors had trusted for years.

Blockchain security firm PeckShield confirmed the large-scale drain, targeting legacy liquidity locker contracts extensively used during the previous market cycle. The incident was first surfaced by on-chain researcher Tahax, who noted that DxSale ran the largest liquidity locker in 2021, holding hundreds of millions in value. Even SafeMoon had its liquidity locked there.

How the Attack Worked

According to transaction analysis, the root cause was a silent ownership transfer of the legacy locker contract that occurred around 269 days ago. The attacker gained control and routed the stolen funds through roughly 80 intermediate wallets to hide their tracks. The primary attacker address received funding from Bybit shortly before the exploit, then deployed a custom drainer contract.

The attacker transferred around 2,958 BNB (worth about $1.87 million) to intermediary wallets, which later deposited funds into multiple Binance addresses. Portions of the stolen liquidity were routed through cross-chain mixers, making full tracing difficult.

Underlying Issues

This was not a traditional smart contract vulnerability, but the result of retained administrative privileges on an unverified legacy contract. Community discussions suggest the backdoor may have been known and exploited selectively as early as August 2025. Individuals in Telegram groups reportedly advertised access to old DxSale locks.

DxSale was a dominant liquidity locker during the 2021 bull run, used by hundreds of new token launches including high-profile projects like SafeMoon. It played a key role in building initial trust for many memecoins and DeFi projects at the time.

Broader Implications for DeFi

This incident adds to the growing list of 2026 security events exposing weaknesses in older infrastructure, poor key management, and unrenounced administrative controls on the BNB Chain. It follows a recent exploit on the same network that drained about $187,000 from AM Token and Wukong staking contracts.

The bigger lesson here is simple: in DeFi, locked liquidity is only as safe as the ownership model behind it. Proper verification, ownership renunciation, and ongoing monitoring are now essential, even for long-dormant contracts. Many projects that believed their liquidity was permanently locked may now face significant losses.

The post DxSale Liquidity Lockers Drained of $7.3 Million on BNB Chain appeared first on TheCryptoUpdates.