-
According to an on-chain analyst, DxSale legacy liquidity locker has suffered a cyber attack, allowing hackers to steal approximately $7.3 million from BNB Chain’s liquidity pools.
-
The attacker has deployed “transferred ownership” of the legacy locker contract in August 2025, which is like 269 days ago.
-
According to Eyeonchain, this attack might have some kind of a backdoor that was there on the platform for years.
According to the latest report shared by on-chain investigators, DxSale’s legacy liquidity locker on BNB Chain has suffered a cyberattack, allowing hackers to steal approximately $7.3 million from BNB Chain’s liquidity pools.
DxSale Locker Compromised After 269 Days
As per details shared by Tahax, in this cyber attack on DxSale, more than 1,400 liquidity pools have been compromised. After stealing the money from the platform, hackers have quickly swapped tokens and used crypto mixture services, including AnySwap. Most hackers use these techniques to erase the footprints of stolen funds.
This attack was first highlighted by Tahax, who shared a post on X (formerly Twitter) with important details regarding the cyberattack. According to this thread, this attack was pre-planned as the DxSale deployer silently transferred ownership of the legacy locker contract in August 2025, which was around 269 days before this attack took place. The strange part of this transfer is that there was no official statement for this migration from the official.
After this, the ownership was transferred via approximately 89 wallets, and in the end, the ownership finally landed on a new address, which was funded by Bybit and other bridge activities just a day ago.
One of the biggest loopholes was an unverified locked contract. In this contract, there was a permission in the program. By using this, hackers have created new locks on already-locked positions.
“Over ~80 transactions, ownership hopped between fresh wallets: laundering the trail on-chain while keeping admin rights live. Classic obfuscation, each hop adds plausible deniability,” stated in the post on X.
In the last two months, the DeFi sector has suffered a large number of cyber attacks, losing millions of dollars of funds. On May 23, StablR lost more than $2.8 million after its private key was stolen. After two days, on May 25, the SquidRouterModule suffered another cyber theft in which the attacker had drained roughly $3 million from Gnosis Safe wallets through a third-party module.
In April, Kelp DAO suffered one of the biggest hacks of this year, in which more than $292 million in funds were stolen from the platform after a small loophole linked to its LayerZero bridge. On May 14, Kelp DAO announced that it is resuming withdrawals for its liquid staking token called rsETH. In another hack, Drift Protocol has been compromised and lost around $285 million.
This series of cyber attacks on the DeFi sector in the last few months has completely exposed the vulnerabilities present in the current platforms, including bridges, wallets, decentralized applications, and others.
Backdoor in DxSale Locker May Have Existed For Years
According to the popular on-chain investigator, Eyeonchain, the recent cyberattack on DxSale’s legacy locker might have had a backdoor that was there on the platform for years.
According to Eyeonchain, a user contacted him in August, 2025. This user has shared various screenshots of someone who was already selling a service through a Telegram channel. The person who was running this service has claimed to have direct contacts inside the DxSale team. The person has claimed that he “could unlock old LPs from projects launched before late 2021, taking a 20% cut of the recovered funds as payment.”
“The only requirement, according to them, was that someone from the original team still had access to the wallet used to raise funds on DxSale. After today’s events, it really feels like this backdoor may have existed for years already, which also raises the possibility that the exploit came from someone with insider-level access potentially even a former DxSale team member who already knew how these LPs could be unlocked all along,” stated in the post on X.
