An exploit targeting DxSale's legacy liquidity locker on BNB Chain drained $7.3 million from roughly 1,400 liquidity pools. Analysts say backdoor vulnerabilities in the contract made the attack possible.
The backdoor vulnerability
The compromised system was an older version of DxSale's liquidity locker, a tool that locks liquidity provider tokens to prevent developers from pulling funds. Investigators traced the breach to what they described as backdoor weaknesses — hidden access points that allowed the attacker to bypass normal security checks and siphon assets.
Blockchain security firms monitoring the incident noted that the exploit targeted multiple pools at once. The attacker moved quickly, draining tokens from each pool before the contract could be paused or patched.
Impact on liquidity pools
The 1,400 affected pools represent a wide range of token projects that relied on DxSale's locker to secure their liquidity. For many of those projects, the loss is total — the stolen funds were the locked liquidity that underpins trading on decentralized exchanges.
Users of those pools are now left with worthless positions. Some projects have already issued statements warning their communities that the locked tokens are gone and that recovery is unlikely.
DxSale hasn't released a public update since the exploit. The company's team is presumably working on an incident report and a fix for the vulnerability. But for now, there's no timeline for compensation or remediation.
The exploit is a reminder that older smart contracts can become ticking time bombs as the DeFi ecosystem evolves. Auditors and developers are urging projects using legacy lockers to migrate to updated versions — before the next attacker finds the door.
