DxSale, a meme coin launch platform widely used on the BNB Chain, has experienced a security incident. On-chain investigations indicate that approximately 1,400 liquidity providers were affected, involving about $7.3 million. These funds primarily originated from liquidity lock-up contracts left over from several years ago.
The attack path points to the old contract.
Blockchain security firm PeckShield stated that the address associated with the attack was 0xC457. After withdrawing funds from the affected contract, this address first transferred approximately $1.87 million worth of BNB to two main wallets, and then further distributed the funds to multiple exchange deposit addresses.
DxSale was used by many projects on the BNB Chain during the peak of the crypto market in 2021. The platform's liquidity locking tool was originally intended to demonstrate to investors that liquidity would remain locked for a specified period. On-chain analyst Tahax stated that the contracts exploited this time still retained liquidity from several earlier projects.
Suspected to be related to the transfer of ownership
Multiple investigations suggest the problem may be related to the contract's ownership structure. Tahax stated that control of the relevant locker contract was transferred to a new wallet approximately 269 days before the attack, but no public explanation of the migration was provided at the time. Subsequently, control changed hands through dozens of transactions, further obscuring the path, ultimately ending up in the wallet that executed the withdrawal.
Web3 auditing platform Coinsult further pointed out that the attackers allegedly combined contract privileges with a retroactively modifiable locking mechanism to turn deposits that should have remained locked into withdrawable balances, and then withdrew BNB multiple times.
The impact is concentrated on historical locked funds.
Based on currently disclosed information, the affected entities are primarily funds still held in older liquidity lock-up contracts, rather than newly created single-project pools. Because DxSale has served numerous BNB Chain projects, the amount of funds held in these historical contracts is substantial, amplifying the losses in this incident.
Currently, on-chain security agencies are still tracking the flow of related funds. The attack funds have been transferred through multiple wallets and exchange deposit addresses. Whether they can be frozen or recovered depends on the progress of the platform's investigation and the results of on-chain tracking.
