An attacker made off with roughly $7.3 million from more than 1,400 old liquidity-provider positions on the BNB Chain over the weekend, draining funds locked in legacy DxSale locker contracts. Security firms PeckShield and Coinsult flagged the incident on May 29, noting that the exploit didn't rely on a bug in the smart contract code itself.
The silent ownership transfer
Instead of breaking the contract open, the attacker used a silent ownership transfer. That means they quietly took control of the locker contract from the original deployer — likely through a compromised private key or a phishing attack — and then simply withdrew the stuck liquidity. The positions themselves were from old DxSale locker contracts, suggesting pools that had been abandoned or left unmaintained.
Why legacy contracts were the target
Liquidity locker contracts are designed to hold tokens for a set time, preventing developers from pulling liquidity prematurely. But old, unupdated versions can become vulnerable if their ownership keys are mishandled. The 1,400 positions affected were all from earlier DxSale deployments. The attacker apparently identified these dormant accounts and exploited the fact that ownership had not been properly transferred to a secure multi-sig or renounced.
What the security firms reported
PeckShield posted about the drain on X (formerly Twitter), warning users that the exploit was not a smart-contract vulnerability. Coinsult also flagged the incident, highlighting the method: an ownership transfer rather than a code-level attack. Neither firm identified the attacker or said whether any funds have been recovered.
Unanswered questions
DxSale, a platform that helps projects launch and lock liquidity, has not publicly commented on the incident as of this writing. It remains unclear whether the compromised keys belonged to individual pool creators or to DxSale itself. The total loss — $7.3 million — is large enough to draw scrutiny from blockchain investigators, but no formal investigation has been announced. For now, the exploit serves as a reminder that old locker contracts can be just as risky as a poorly written new one.
