DxSale, a long-running token launch and liquidity locking platform widely used during the early BNB Chain memecoin boom, has suffered a major exploit that drained an estimated $7.3 million in liquidity provider (LP) funds.

The incident affected more than 1,400 liquidity pools, according to on-chain tracking shared after the incident. The pools were spread across multiple older token projects, many of which had not seen active development or trading activity in years but still held locked liquidity inside DxSale contracts.

Notably, the exploit did not appear to target a single token or project. Instead, it impacted a shared infrastructure layer used by hundreds of deployments, amplifying the scale of the losses.

How the attack on the BNB Chain LPs happened

On-chain analysis and investigator breakdowns from Tahax suggest the exploit was not sudden. Instead, it unfolded through a series of controlled administrative changes that occurred months before the actual drain.

Roughly 269 days before the incident, the DxSale deployer reportedly transferred ownership of a key locker contract to a new wallet. The transition was not publicly announced, and no migration notice was issued to users or token teams relying on the system.

Over time, ownership control did not remain static. The admin rights were reportedly moved through approximately 80 separate wallet transfers, each designed to obscure the trail of custody changes. These movements reduced visibility into who ultimately controlled the locker system while keeping administrative privileges intact.

Two days before the exploit began, ownership was consolidated into a single wallet:

0xC4574DDEF299e7E563971e200433e592EeaaFA69

The wallet was newly created and reportedly funded through Bybit, with routing activity linked through cross-chain bridge infrastructure often used to obscure fund origins. Within hours of this consolidation, liquidity-draining activity began across hundreds of token pools.
Technical execution of the drain

A detailed breakdown from on-chain security analysts at Coinsult described the mechanism used to extract funds from the DxSale locker system. The attacking contract, deployed shortly before the incident, was unverified and built using Solidity 0.8.33. It functioned as a single orchestrator, allowing multiple actions to be executed within one transaction through self-calling logic.

The execution sequence targeted the internal mechanics of the locker contract. First, the attacker triggered a function that reduced the locking fee to 1 wei, effectively removing cost barriers to modifying locked positions. This was followed by a second action that set the lock expiration timestamp to 68 seconds after the Unix epoch, effectively resetting the lock to a time that no longer protected deposited liquidity. After this, the fee parameter was raised to an extremely high value, approximately 1e29, which appears to have been used to disrupt normal contract interaction behaviour during execution.

Once the internal state was modified, the attacker initiated repeated withdrawal calls that allowed tokens to be pulled from the locker. These funds were then converted into WBNB and BNB before being moved through multiple routes to obscure the transaction trail.

The structure of the contract meant that once administrative parameters were changed, the “locked” status of liquidity no longer reflected actual withdrawal restrictions.

Why the LP locker system became a target

DxSale was widely used during the 2021 memecoin boom on BNB Chain as a default liquidity locking tool. Many token launches relied on it to demonstrate security to early investors by locking liquidity pool tokens for extended periods.

However, the system’s security model depended heavily on administrative control rather than fully immutable contract logic.
According to the analysis, functions such as fee adjustments and lock configuration remained accessible through privileged ownership roles.

Security analysts noted that the exploit became possible because the locker contract still had an active owner key capable of modifying critical parameters. This meant that “locked” liquidity was not strictly enforced by immutable code but instead governed by adjustable contract settings.

The post DxSale loses $7.3M in BNB Chain liquidity providers (LPs) hack appeared first on Invezz
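The administrative sequence described under "Technical execution of the drain" (fee cut, unlock time moved into the past, fee spike, withdrawals) is the kind of pattern a monitor watching a locker's owner-only calls can flag. The following is an added example, not code from DxSale, Coinsult or the article; the action names, record fields, placeholder address, starting fee and timestamps are assumptions, since the article does not name the contract's functions or events.

```python
from dataclasses import dataclass

# Constructed sample of decoded locker activity. Field and action names are
# hypothetical; the article does not name the contract's functions or events.
@dataclass
class Call:
    ts: int          # block timestamp (Unix seconds)
    sender: str
    action: str      # "transfer_ownership" | "set_fee" | "set_unlock" | "withdraw"
    lock_id: int = 0
    value: int = 0   # new fee in wei, or new unlock timestamp

def scan(calls, initial_unlock, initial_fee, fee_jump=1000):
    """Return alert tuples (ts, rule, detail) for admin actions that weaken locks."""
    unlock = dict(initial_unlock)    # lock_id -> currently configured unlock time
    promised = dict(initial_unlock)  # lock_id -> unlock time depositors were shown
    fee, alerts = initial_fee, []
    for c in sorted(calls, key=lambda c: c.ts):  # stable: same-block order is kept
        if c.action == "transfer_ownership":
            alerts.append((c.ts, "OWNER_CHANGED", c.sender))
        elif c.action == "set_fee":
            lo, hi = sorted((max(fee, 1), max(c.value, 1)))
            if hi // lo >= fee_jump:  # swing in either direction
                alerts.append((c.ts, "FEE_SWING", f"{fee} -> {c.value}"))
            fee = c.value
        elif c.action == "set_unlock":
            if c.value < unlock[c.lock_id]:  # extending a lock is not flagged
                rule = "UNLOCK_IN_PAST" if c.value <= c.ts else "LOCK_SHORTENED"
                alerts.append((c.ts, rule, f"lock {c.lock_id}: {unlock[c.lock_id]} -> {c.value}"))
            unlock[c.lock_id] = c.value
        elif c.action == "withdraw" and c.ts < promised[c.lock_id]:
            alerts.append((c.ts, "EARLY_WITHDRAW", f"lock {c.lock_id}"))
    return alerts

T = 1_760_000_000  # constructed block time, not taken from the incident
SAMPLE = [         # values 1, 68 and 10**29 follow the article's description
    Call(T - 172_800, "0xAdminPlaceholder", "transfer_ownership"),
    Call(T, "0xAdminPlaceholder", "set_fee", value=1),
    Call(T, "0xAdminPlaceholder", "set_unlock", lock_id=7, value=68),
    Call(T, "0xAdminPlaceholder", "set_fee", value=10**29),
    Call(T + 3, "0xAdminPlaceholder", "withdraw", lock_id=7),
]

def demo():
    # Constructed baseline: lock 7 promised for ten more years, fee of 0.1 BNB.
    return scan(SAMPLE, initial_unlock={7: T + 10 * 365 * 86_400}, initial_fee=10**17)
```

Tracking the originally promised unlock time separately from the configured one is what lets the withdrawal alert fire even after the owner has rewritten the lock.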