More than 1,400 liquidity pools tied to old DxSale contracts on BNB Chain were drained in a $7.3 million exploit first flagged on May 29 by a user named 'Tahax'. The attacker pulled funds from DxSale's locker — a contract that held LP tokens from projects launched years ago — and moved them through AnySwap to obscure the trail. The exploit adds to a brutal month for crypto security, with losses piling up across bridges and lending protocols.
How the exploit worked
The attacker used wallet 0xC457...FA69, a new address funded from Bybit and possibly routed through AnySwap, to take ownership of DxSale's locker contract. That contract was unverified and likely contained a backdoor, which the attacker exploited to drain the LP tokens within hours. From there, 2,958 BNB ($1.87 million) was transferred into two main wallets, then moved through deposit addresses on Binance.
A quiet ownership change
Nearly nine months ago, the DxSale deployer transferred ownership of the locker to a new wallet — with no public announcement or migration notice. The old contracts had sat untouched for years, making them a ripe target. DxSale, a launchpad platform, hasn't made any statement about the exploit since it was discovered.
Part of a brutal May
This isn't an isolated incident. The crypto sector lost at least $650 million in April from similar hacks. May alone saw a $11 million Verus bridge exploit, a $5.9 million attack on TrustedVolumes, and a possible $10 million THORChain incident. OpenZeppelin co-founder Manuel Aráoz declared 'all of DeFi unsafe', arguing AI-assisted attackers are finding vulnerabilities faster than security teams can patch them. The DxSale locker — old, unverified, and silently transferred — fits that grim pattern.
DxSale has yet to respond to requests for comment. The locker contract remains unpatched, and the attacker's trail through AnySwap means funds are likely gone for good.
