DxSale, a platform widely used in 2021 to lock liquidity for thousands of tokens on BNB Chain, was hit by a major exploit, according to PeckShieldAlert on the morning of May 29. The attacker drained around $7.3M from old LP vaults, affecting more than 1,400 liquidity pools.
How the Attack Worked
Ownership of outdated vaults was transferred to unverified contracts containing hidden backdoors around 269 days ago. The attacker then routed control through roughly 80 wallets to cover their tracks.
The final wallet deployed a dedicated draining contract and executed a single transaction: it reset fees to zero, reset unlock dates to 1970, withdrew all funds, and converted the assets into BNB.
Part of the stolen funds — around $1.87M — moved through two main wallets to Binance deposit addresses. The remaining funds are now being routed through cross-chain mixers, making further tracking nearly impossible.
Signs Point to Insider Involvement
Blockchain analysts say the exploit may have involved insiders. Back in August last year, someone openly advertised access to this exact vulnerability in Telegram groups, but the warnings received little attention at the time.
Only vaults dating back to the 2021 bull run were affected, including some linked to the SafeMoon token. Not every liquidity lock from that period was compromised — the attacker specifically drained more than 1,400 specific positions.
Users who still have old DxSale liquidity locks are being urged to immediately check the status of their LP tokens on BscScan.
Read more: