DxSale Exploit Drains $7.3 Million From BNB Chain Liquidity Locker

Memecoin launch platform DxSale has suffered a major exploit that drained about $7.3 million in crypto assets from its liquidity locker on the BNB Chain, affecting nearly 1,400 liquidity providers (LPs).

Blockchain security firm PeckShield reported that the attacker moved roughly $1.87 million worth of BNB into two wallets before sending portions of the funds to multiple Binance deposit addresses. The suspicious transactions were flagged on Friday as investigators continued tracing the stolen assets.

DxSale became widely known during the 2021 memecoin boom for allowing projects on the BNB Chain to lock liquidity after token launches. Some of those old liquidity pools reportedly remained active inside the platform’s locker contract years later.

Old locker contracts were a target

Onchain analyst Tahax said the exploiter wallet was newly created and funded through crypto exchange Bybit before carrying out the attack. According to the analyst, the locker contract still contained liquidity tied to projects launched during the peak of the memecoin cycle.

Tahax also claimed that ownership of the locker contract was quietly transferred to a different wallet about 269 days ago without any official migration notice. The analyst alleged that the transfer left a hidden “backdoor” inside the contract.

Blockchain records reportedly showed over 80 ownership transfers between wallets before control finally landed in the address linked to the exploit.
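
A defender watching a locker like this could alert on the ownership changes described above. The following is an added example, not code from DxSale or the analysts quoted; it assumes the contract emits the OpenZeppelin Ownable OwnershipTransferred event (the article does not say which ownership pattern the locker uses), and every address and log entry in it is a constructed placeholder.

```python
# Added example: flag unannounced or chained ownership changes on a watched contract.
# Assumption: the contract emits the OpenZeppelin Ownable event
# OwnershipTransferred(address indexed previousOwner, address indexed newOwner).
OWNERSHIP_TRANSFERRED = (
    "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0"
)


def topic_to_address(topic: str) -> str:
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def ownership_alerts(logs, announced_owners, max_transfers=3):
    """Return (block, reason) alerts for eth_getLogs-style log dicts."""
    announced = {a.lower() for a in announced_owners}
    alerts, transfers = [], 0
    for entry in sorted(logs, key=lambda e: int(e["blockNumber"], 16)):
        topics = entry["topics"]
        if len(topics) != 3 or topics[0].lower() != OWNERSHIP_TRANSFERRED:
            continue  # not an ownership event
        transfers += 1
        block = int(entry["blockNumber"], 16)
        new_owner = topic_to_address(topics[2])
        if new_owner == "0x" + "0" * 40:
            alerts.append((block, "ownership renounced"))
        elif new_owner not in announced:
            alerts.append((block, f"unannounced owner {new_owner}"))
        if transfers == max_transfers + 1:  # fire once when the limit is crossed
            alerts.append((block, f"more than {max_transfers} transfers in window"))
    return alerts


def _pad(addr: str) -> str:
    """Encode an address the way it appears in an indexed topic."""
    return "0x" + "0" * 24 + addr[2:]


# Constructed sample data: placeholder addresses, not values from the incident.
TEAM = "0x" + "aa" * 20
HOPS = ["0x" + f"{i:02x}" * 20 for i in range(1, 5)]
SAMPLE_LOGS = [
    {"blockNumber": hex(100 + i), "topics": [OWNERSHIP_TRANSFERRED, _pad(prev), _pad(new)]}
    for i, (prev, new) in enumerate(zip([TEAM] + HOPS, HOPS))
]

if __name__ == "__main__":
    for block, reason in ownership_alerts(SAMPLE_LOGS, announced_owners=[TEAM]):
        print(block, reason)
```

The announced_owners list stands in for whatever addresses a project has publicly committed to, such as a multisig named in a migration notice.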

Backdoor allegedly enabled withdrawals

Web3 security platform Coinsult said the exploit may have been caused by a privileged contract setting combined with a manipulated lock mechanism.

According to Coinsult, the flaw allowed funds marked as “locked” to become withdrawable through repeated withdrawal loops. The attacker then extracted large amounts of BNB from the contract over multiple transactions.

Tahax warned that part of the stolen funds had already moved through systems that could make tracing more difficult.

Meanwhile, a recent DeFi exploit drained nearly $3 million from users linked to the SquidRouterModule on Ethereum and Base, according to blockchain security firm Blockaid. The attack reportedly affected 86 Gnosis Safes within about two hours, with stolen funds quickly swapped into DAI through attacker-controlled Uniswap V3 pools.

DeFi security concerns continue

The DxSale exploit adds to growing concerns around security risks in decentralized finance. Data from DefiLlama shows crypto hacks have caused more than $17 billion in losses across the industry, including nearly $7.8 billion linked directly to DeFi protocols.

Separate DefiLlama data also showed DeFi exploits accounted for $52 million in losses so far in May, following April’s sharp spike to $634 million in stolen funds.

The rise in cyberattacks, partly fueled by malicious actors’ use of AI, has sparked widespread concern about the safety of the DeFi sector. Manuel Aráoz, founder of blockchain security platform OpenZeppelin, voiced that concern on Tuesday, declaring, “I now consider *all* of DeFi unsafe,” and attributing the danger to AI’s growing skill in identifying smart contract flaws.

 
