Hackers extracted approximately $7.3 million from over 1,400 legacy liquidity-provider (LP) positions locked in old DxSale contracts on the BNB Chain, according to alerts published by security firms PeckShield and Coinsult on May 29. Unlike many recent DeFi breaches driven by smart contract bugs, this heist leveraged a silent but critical ownership transfer, allowing attackers to bypass standard security checks and drain funds directly.
The affected contracts were part of DxSale’s older locker infrastructure, which many liquidity providers used to secure tokens for farming or vesting. These vaults, originally designed to prevent premature withdrawal, became vulnerable when management privileges were quietly handed over to addresses controlled by the attacker. This kind of exploit sidesteps complex vulnerabilities, exposing governance risks in legacy protocols that did not anticipate post-deployment ownership changes.
Tracing the exploit reveals a pattern of owner-privilege abuse rather than a technical failure in the contract logic. The attacker methodically emptied thousands of LP tokens pooled across the BNB Chain ecosystem, which may temporarily tighten liquidity for some projects relying on these locked assets. While the $7.3 million loss is a fraction of BNB Chain’s total locked value, the scale – spanning more than 1,400 pools – draws attention to the latent dangers in outdated contract management practices.
DxSale’s legacy locker contracts have not received the same audit scrutiny as their newer counterparts, and the silent ownership handover was not publicly disclosed or flagged beforehand. This incident underscores the importance of continuous rights management transparency, especially for protocols holding user funds over extended periods.
Market impact so far appears muted, with BNB price holding steady. That said, the event poses a reputational risk for projects tied to these lockers and may affect user confidence in locking funds with older smart contracts. DxSale and affiliated projects have yet to provide a formal response or roadmap for recovery, leaving investors uncertain about potential compensation or contract upgrades.
Watch for official updates from DxSale regarding the scope of the compromise and any remediation measures. Traders should also monitor shifts in LP token liquidity and carefully assess risks before engaging with legacy contract ecosystems on BNB Chain. The case serves as a stark reminder: contract ownership is not just a line of code, it’s a pivotal security boundary.
$7.3M Drained from 1,400+ DxSale BNB Chain Lockers via Ownership Exploit
An attacker drained $7.3 million from over 1,400 old DxSale liquidity-provider lockers on BNB Chain using silent ownership transfer exploits. Security firms highlight the growing risks from privileged ownership exploits in legacy smart contracts.