More than 1,400 liquidity pools tied to old DxSale contracts on BNB Chain were drained in a $7.3 million exploit flagged by blockchain security firms on May 29.
The attack adds to a growing list of DeFi breaches this month, as security experts warn that aging smart contracts and weak access controls are leaving protocols exposed.
According to on-chain security account PeckShieldAlert, a user named “Tahax” first identified the exploit. Per their report, attackers targeted at least 1,400 old DxSale liquidity pool contracts on BNB Chain, draining about $7.3 million worth of crypto from them, which they then routed through AnySwap in an attempt to obscure their trail.
PeckShield added that an address identified as “0xC457…FA69” had transferred 2,958 BNB from the hack, worth $1.87 million, into two main wallets, which then moved the funds through several deposit addresses on Binance.
DxSale is a launchpad platform that lets crypto projects create tokens and liquidity pools without building their own infrastructure. It was pretty big about five years ago, with many of the projects launching tokens on BNB Chain locking their LPs with the protocol.
According to Tahax, the locker was still holding LPs from projects that had not been touched for years, with founders and holders believing it was safe. However, nearly nine months ago, the DxSale deployer transferred ownership of the locker to a new wallet with no public announcement or migration notice. The on-chain degen claims that the locker contract was unverified and it probably contained a backdoor, which the attacker took advantage of.
Two days ago, 0xC457…FA69, a brand new wallet funded from Bybit and possibly routed through AnySwap, reportedly took ownership of the locker and, within hours started draining the LPs.
DxSale itself was yet to make a statement regarding the exploit.
The DxSale hack hasn’t happened in isolation, with the crypto sector losing at least $650 million in April from similar incidents. May has also had its fair share of attacks, including one last week, where a person stole more than $11 million from the Verus bridge after exploiting a flaw in how it verified payment amounts. According to security researchers, the attacker submitted a tiny transaction that passed verification checks while still unlocking large withdrawals from the bridge’s reserves.
Earlier in the month, liquidity provider TrustedVolumes was also hit for about $5.9 million after a hacker abused weaknesses in its custom settlement system, with analysts pointing out that the exploit worked because the protocol checked authorization against one address while pulling funds from another.
THORChain was also a victim, with on-chain sleuth ZachXBT saying it may have lost more than $10 million, which sent its RUNE token plummeting 15% within minutes.
This steady stream of exploits has elicited a reaction, with OpenZeppelin co-founder Manuel Aráoz declaring “all of DeFi unsafe,” arguing that AI-assisted attackers are finding vulnerabilities faster than security teams can patch them.
The post Over 1,400 Liquidity Providers Hit in $7.3 Million DxSale Exploit appeared first on CryptoPotato.
—
Blog powered by G6
Disclaimer! A guest author has made this post. G6 has not checked the post. its content and attachments and under no circumstances will G6 be held responsible or liable in any way for any claims, damages, losses, expenses, costs or liabilities whatsoever (including, without limitation, any direct or indirect damages for loss of profits, business interruption or loss of information) resulting or arising directly or indirectly from your use of or inability to use this website or any websites linked to it, or from your reliance on the information and material on this website, even if the G6 has been advised of the possibility of such damages in advance.
For any inquiries, please contact [email protected]
