More than 1,400 old liquidity pools linked to DxSale contracts on BNB Chain were drained of $7.3 million in an exploit spotted by security watchers on May 29.
The hit fits right into this month’s rising tide of DeFi breaches, where outdated contracts and loose permissions keep leaving everything wide open.
What Happened
PeckShieldAlert first flagged how a wallet called Tahax spotted the whole thing.
Attackers zeroed in on at least 1,400 legacy DxSale pools across BNB Chain, pulling roughly $7.3 million in assets before routing everything through AnySwap to cover their tracks.
PeckShield noted that address 0xC457…FA69 moved 2,958 BNB, worth about $1.87 million, from the take into a couple of main wallets that later funneled funds across multiple Binance deposit spots.
DxSale serves as a launchpad that lets projects spin up tokens and pools without building from scratch, and it saw heavy use on BNB Chain years back, when many teams locked their liquidity there.
Tahax pointed out that the locker still held untouched LPs from projects dormant for years, with everyone assuming the setup stayed secure.
Almost nine months prior, the original deployer handed ownership to a fresh wallet without any notice or migration details.
The contract sat unverified, likely hiding a backdoor the thief exploited.
Two days ago, that brand new wallet, 0xC457…FA69, funded via Bybit and possibly AnySwap, grabbed control of the locker and started draining pools within hours.
DxSale has stayed quiet on the matter so far.
DeFi Security Concerns Keep Growing
This event lines up with broader losses hitting at least $650 million across the space in April alone.
May brought its own share, including a strike last week that pulled over $11 million from the Verus bridge by slipping past payment verification flaws with a tiny transaction that unlocked big withdrawals.
TrustedVolumes lost around $5.9 million earlier, after a hacker played on mismatches in its settlement checks, where authorization hit one address while funds came from another.
THORChain reportedly dropped more than $10 million too, sending RUNE down 15 percent fast.
The pattern prompted OpenZeppelin co-founder Manuel Aráoz to call all of DeFi unsafe, noting that AI tools now spot weaknesses quicker than fixes can land.
Just another echo from the void by iconofsin.eth