Attackers drained approximately $7.3 million from more than 1,400 liquidity pools on BNB Chain on Thursday by exploiting a legacy DxSale locker contract whose ownership had been silently transferred to a new wallet nine months earlier, with no announcement, no migration notice, and no public disclosure to users.

The incident, which appears to involve a legacy liquidity locker contract once widely trusted during the 2021 meme-token boom, has reignited concerns about custodial DeFi systems, unverified smart contracts, and aging blockchain infrastructure.
The alleged exploit unfolded early Thursday across DxSale’s older locker contracts on BNB Chain, according to blockchain analysts and crypto security researchers monitoring wallet activity in real time.
Analysts claim ownership of the locker contract had quietly been transferred nearly nine months ago without public notice, allowing a custom-built draining mechanism to later extract liquidity from locked pools.
The DxSale liquidity locker drain affected dormant projects and legacy token ecosystems, including liquidity tied to high-profile 2021-era projects such as SafeMoon.
At the center of the controversy is a painful irony: DxSale built its reputation during the DeFi boom as a platform designed to protect users from “rug pulls,” the crypto industry term for insider thefts and sudden liquidity withdrawals.
Now, critics say the platform itself may have become the latest cautionary tale.
How the DxSale liquidity locker drain unfolded
Blockchain investigators say the DxSale liquidity locker drain involved a series of coordinated on-chain actions that allowed attackers to regain effective control over previously locked liquidity.
According to posts published by on-chain analyst Tahax, ownership of the locker contract was transferred 269 days ago to another wallet address without any migration announcement or public disclosure to users. Analysts later observed the deployment of what security researchers described as a specialized “drainer” contract.
“Here’s how the exploit unfolded. 269 days ago, the DxSale deployer quietly transferred ownership of the locker to a new wallet. The locker contract? Unverified. A backdoor was left in. No announcement, no migration notice, just a silent handoff,” — Tahax, blockchain analyst, in a post on X.

Researchers from Coinsult said they independently reviewed the wallet activity and contract behavior associated with the incident.
“About that DxSale locker ‘backdoor’, we have analysed it on-chain. Here is our take,” — Coinsult Audits, in a public security thread on X.
Coinsult said the drainer contract appeared unverified and had been deployed only hours before funds began moving out of liquidity pools.
According to the firm’s analysis, the code reduced withdrawal fees, manipulated lock timestamps by backdating them to 1970, and routed assets into BNB before dispersing funds through additional wallets.
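The behaviours reported above (a quiet ownership handoff, a fee reduction, lock timestamps backdated to 1970, then withdrawals) can be turned into monitoring rules over a locker's event stream. The following sketch is an added example, not code from the article, DxSale, or Coinsult; the event names, field names, addresses and sample records are hypothetical and constructed, since the real contract is unverified.

```python
# Constructed, already-decoded event records. Event names and fields are
# hypothetical: the real locker is unverified, so its ABI is not known here.
SAMPLE_EVENTS = [
    {"block": 100, "ts": 1_620_000_000, "name": "LockCreated", "lock_id": 7,
     "unlock_ts": 1_900_000_000},
    {"block": 200, "ts": 1_690_000_000, "name": "OwnershipTransferred",
     "old": "0xOLD_OWNER", "new": "0xNEW_OWNER"},
    {"block": 300, "ts": 1_713_000_000, "name": "FeeChanged",
     "old_bps": 100, "new_bps": 0},
    {"block": 301, "ts": 1_713_000_100, "name": "LockUpdated", "lock_id": 7,
     "unlock_ts": 0},
    {"block": 302, "ts": 1_713_000_200, "name": "Withdrawn", "lock_id": 7},
]

EPOCH_SLACK = 365 * 24 * 3600  # unlock times inside 1970 count as backdated to epoch


def scan(events):
    """Return (block, rule, detail) findings for one locker's event stream."""
    findings, promised = [], {}  # promised: lock_id -> latest unlock time users were shown
    for ev in sorted(events, key=lambda e: e["block"]):
        name, lock = ev["name"], ev.get("lock_id")
        if name == "LockCreated":
            promised[lock] = ev["unlock_ts"]
        elif name == "OwnershipTransferred":
            # Any admin handoff on a custodial locker deserves an alert.
            findings.append((ev["block"], "owner-changed", f"{ev['old']} -> {ev['new']}"))
        elif name == "FeeChanged" and ev["new_bps"] < ev["old_bps"]:
            findings.append((ev["block"], "fee-reduced",
                             f"{ev['old_bps']} -> {ev['new_bps']} bps"))
        elif name == "LockUpdated" and lock in promised:
            if ev["unlock_ts"] < promised[lock]:
                rule = ("unlock-backdated-to-epoch" if ev["unlock_ts"] < EPOCH_SLACK
                        else "unlock-shortened")
                findings.append((ev["block"], rule,
                                 f"lock {lock}: {promised[lock]} -> {ev['unlock_ts']}"))
            else:
                promised[lock] = ev["unlock_ts"]  # a legitimate extension raises the bar
        elif name == "Withdrawn" and lock in promised and ev["ts"] < promised[lock]:
            # Compared against the promised time, not the rewritten on-chain value.
            findings.append((ev["block"], "withdraw-before-promised-unlock", f"lock {lock}"))
    return findings


if __name__ == "__main__":
    for block, rule, detail in scan(SAMPLE_EVENTS):
        print(block, rule, detail)
```

Withdrawals are judged against the unlock time originally promised to users, so rewriting the stored timestamp does not silence the alert.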
The DxSale liquidity locker drain also sparked debate over whether the funds were intentionally mixed through services linked to AnySwapBot, though some analysts cautioned there was no definitive proof tying the tool directly to laundering activity.
“Soft shilling Anyswap bot, even though there is 0 proof it was used in the mixing,” — Krayne, crypto commentator, in response to speculation circulating on X.
At the time of publication, DxSale had not publicly responded to the allegations.
Why the DxSale liquidity locker drain matters
The scale of the DxSale liquidity locker drain extends beyond the immediate financial losses. During the explosive DeFi expansion of 2021, DxSale emerged as one of the most widely used liquidity locking services on BNB Chain, particularly among retail investors launching meme coins and speculative tokens.
In decentralized finance, liquidity lockers are marketed as trust mechanisms. Projects typically lock liquidity pool tokens to reassure investors that developers cannot suddenly withdraw funds and abandon the project. But the latest incident underscores a key vulnerability: if locker contracts themselves retain upgrade permissions or hidden administrative access, the security guarantees may be weaker than users assume.
“In 2021, if you launched a token on BNB Chain, you locked your LP with DxSale. It was the trust layer for retail,” — Tahax, blockchain analyst, in a post on X.
Security researchers and developers say the DxSale liquidity locker drain may become one of the largest known examples of risks tied to custodial liquidity systems from the previous crypto cycle. Many of those contracts, analysts say, were poorly documented, closed-source, or never independently verified.
“This can happen to any LP locker that is custodial down the line,” — Hank, crypto developer and commentator, in a post on X. “Even if they say ‘locked forever,’ if program can be upgraded… it can be stolen.”
The incident has also revived scrutiny around proxy contracts, upgradeable smart contracts, and the broader lack of transparency across early DeFi infrastructure.
Industry backlash grows after DxSale liquidity locker drain
Reaction to the DxSale liquidity locker drain spread rapidly across the crypto industry, with developers, traders, and rival launchpad operators criticizing what they described as preventable security weaknesses.
Yann, a representative associated with PinkSale, referenced a separate liquidity drain involving another launchpad platform last year while contrasting DxSale’s locker structure with non-upgradeable alternatives.
“After gempad_app LP drain last year now dxsale follows suit,” — Yann, PinkSale ecosystem contributor, in a post on X.
The fallout also exposed lingering tensions from the 2021 meme-token era. Several commentators referenced SafeMoon’s historic connection to DxSale and questioned whether long-abandoned liquidity pools were ever truly secure.
While blockchain analytics firms continue tracing wallet movements, portions of the stolen funds already appear fragmented across multiple addresses, complicating recovery efforts.
Analysts estimate that while approximately $1.74 million had already been extracted, another $2.91 million in liquidity may still remain vulnerable.
The DxSale liquidity locker drain arrives during a period of heightened anxiety in decentralized finance, where confidence has increasingly shifted toward audited, transparent, and immutable protocols. For many users, the breach serves as a reminder that “locked” funds may only be as secure as the underlying contract architecture.