DxSale just took a heavy hit on BNB$576.57 Chain. Roughly $7.3 million was drained from about 1,400 old liquidity pool lockers, and the early read from on-chain investigators is that this was not a random smash-and-grab, it looks tied to legacy contract access that may have been sitting in the system for years. [1]
Enjoy articles without ads?
Register for free and get unlimited access to all articles.
What happened on-chain
Security trackers including PeckShield said the attacker targeted older BNB$576.57 Chain LP lockers tied to DxSale, specifically pools locked back in 2021. The exploit appears to have focused on legacy contracts rather than newer infrastructure, which matters because it narrows the attack surface to code and permissions that may have been overlooked for a long time. [2]
PeckShield traced 2,958 BNB, worth about $1.87 million at the time of reporting, into two main wallets. From there, the funds were sent onward to multiple Binance deposit addresses. That flow gives investigators a concrete off-ramp to watch, even if only part of the stolen value has been publicly mapped wallet by wallet so far. [3]
Reports from on-chain monitors suggest ownership of those legacy lockers had been shifted around nine months before the exploit. The destination was allegedly a set of unverified contracts linked to backers, a detail that is now central to the insider debate. To obscure the trail, the ownership changes were routed through around 80 wallets before the final draining transaction. [4]
The final step looked surgical. Investigators say the exploiter used a custom drainer contract in a single transaction, cut fees to near zero, altered the unlock timing, and withdrew the locked liquidity. After that, assets were swapped into BNB$576.57 and moved through laundering routes associated in reports with multichain-style mixer activity. [5]
The most serious allegation did not come from the drain itself, but from earlier chatter that now looks more relevant. Eyeonchain flagged claims from August 2025 involving a seller in DxSale's Telegram channel who allegedly offered a service to unlock old LPs from projects launched before late 2021. [6]
According to that account, the seller claimed insider access and said they could tap the same wallet used to raise funds on DxSale. The pitch was blunt: they would recover the locked funds in exchange for 20 percent of the amount extracted. If authentic, that suggests knowledge of a backdoor or privileged operational path well before this week's exploit.
That does not prove team involvement, and it is important to keep that line clean. But it does raise the possibility that the attack required more than standard vulnerability hunting. If the old lockers could be unlocked only with internal knowledge or inherited permissions, then the market has to consider former team access, compromised deployer controls, or badly managed contract ownership as realistic scenarios.
The market structure behind the loss
This was not a treasury drain from a single wallet. It was a broad pull across locked LP positions, which means the damage is fragmented across many projects and users rather than isolated to one protocol reserve. That makes cleanup harder. Teams that assumed their liquidity was safely locked may now be discovering that the lock itself was the weak point.
The scale also says something about long-tail DeFi risk on BNB Chain. Old launchpad and locker contracts can sit untouched for years, with nobody stress-testing ownership logic or inherited privileges once attention moves elsewhere. When an attacker finds that seam, the liquidity can vanish fast because these contracts often control assets that users mentally wrote off as safe.
DefiLlama data cited in coverage puts 2026 exploit losses at about $854 million so far, with more than $52 million stolen in May alone. DxSale adds another data point to a year that has been especially rough for aging DeFi infrastructure. [7]
The transfers into Binance deposit addresses are one of the few potentially useful pressure points in this story. If those deposits are still identifiable and compliance teams can connect them to the drain, some portion of the funds could be frozen before they fully disappear into secondary hops.
That said, traders should not read exchange deposits as a recovery guarantee. Once funds are split, swapped, and routed across enough addresses, clawbacks get messy. The fact that only part of the stolen value has been highlighted in the initial traces also leaves open the possibility that other chunks were moved through less cooperative rails.
The bottom line
DxSale's $7.3 million loss looks less like a fresh zero-day and more like a legacy access problem that finally got cashed in. The key facts are solid: around 1,400 old BNB Chain LPs were drained, thousands of BNB were traced to exchange-linked wallets, and prior claims about unlocking old DxSale liquidity are now fueling insider suspicion.
What invalidates the insider thesis is simple: a clear technical post-mortem showing the attacker exploited publicly reachable code with no privileged knowledge or retained control. Until that lands, the biggest risk for users is not just this one exploit, it is every forgotten locker contract that still holds real money and has not been audited for ownership paths recently.
Your reviews help us improve the quality of both current and future articles. All reviews are public and visible to other readers. We use both ratings and comments to improve future articles and to revise any articles that do not meet our standards.
See more like this on Google
