DxSale Hack Drains $7.3 Million From 1,400 BNB Chain Investors

Blockchain investigators linked the exploit to wallet address “0xC457,” which moved stolen BNB through multiple wallets and exchange deposit addresses. Analysts believe the attacker exploited a vulnerability related to contract ownership transfers and privileged permissions, allowing funds that were supposed to stay locked to be withdrawn. 

DxSale Suffers Major Hack

DxSale, a meme coin launch platform that was once widely used on the BNB Chain, suffered a major security breach that resulted in the loss of approximately $7.3 million. The cyberattack reportedly affected around 1,400 liquidity providers whose funds were still locked in legacy liquidity contracts dating back several years.

According to blockchain security firm PeckShield, the attacker used the wallet address “0xC457” to withdraw funds and move approximately $1.87 million worth of BNB into two primary wallets before distributing portions of the stolen assets across multiple Binance deposit addresses. 

DxSale gained popularity during the 2021 crypto bull market, particularly among projects launching on the BNB Chain. Many of these projects used the platform’s liquidity locker to reassure investors that liquidity would stay inaccessible for a specified period. However, blockchain analyst Tahax suggested that the exploited contracts still contained liquidity from numerous projects launched years ago.

Investigations into the exploit indicate that the attacker may have taken advantage of a long-standing vulnerability tied to the platform’s ownership structure. Tahax claimed that ownership of the locker contract was quietly transferred to a new wallet roughly 269 days before the attack, without any public migration announcement. The analyst further noted that ownership subsequently passed through dozens of transactions designed to obscure the trail before ultimately reaching the wallet that executed the withdrawals.
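A monitoring check for the ownership pattern described above, added here as an illustration and not taken from DxSale, PeckShield, Tahax or Coinsult. It assumes the locker's ownership-transfer events have already been decoded into records; the addresses, timestamps, thresholds and function names are constructed.

```python
from datetime import datetime, timedelta, timezone

def ts(day, minute=0):
    """Constructed timestamps, counted from an arbitrary start date."""
    return datetime(2024, 1, 1, tzinfo=timezone.utc) + timedelta(days=day, minutes=minute)

# Constructed sample: decoded ownership-transfer events for one locker contract.
# Addresses are placeholders, not values from the incident.
SAMPLE_EVENTS = [
    {"time": ts(0), "prev": "0xDEPLOYER", "new": "0xAAA1"},
    {"time": ts(0, 5), "prev": "0xAAA1", "new": "0xAAA2"},
    {"time": ts(0, 9), "prev": "0xAAA2", "new": "0xAAA3"},
    {"time": ts(0, 14), "prev": "0xAAA3", "new": "0xAAA4"},
]
ANNOUNCED_OWNERS = {"0xDEPLOYER"}  # owners the project has publicly documented

def review_ownership(events, announced, hop_window=timedelta(hours=1), hop_threshold=3):
    """Return (alerts, current_owner) for a contract's ownership history."""
    alerts = []
    events = sorted(events, key=lambda e: e["time"])
    owner = events[0]["prev"] if events else None
    run = []  # consecutive transfers spaced no further apart than hop_window
    for ev in events:
        when = f"{ev['time']:%Y-%m-%d %H:%M}"
        if ev["prev"] != owner:
            # A gap means some transfer events are missing from the data set.
            alerts.append(("broken-chain", f"{ev['prev']} was not the recorded owner"))
        if ev["new"] not in announced:
            alerts.append(("unannounced-owner", f"{ev['new']} at {when}"))
        if run and ev["time"] - run[-1]["time"] > hop_window:
            run = []
        run.append(ev)
        if len(run) == hop_threshold:  # alert once per burst of hops
            alerts.append(("rapid-hops", f"burst ending {when}"))
        owner = ev["new"]
    return alerts, owner

def exposure_days(events, announced, now):
    """Days since ownership first left the announced set, or None if it never did."""
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["new"] not in announced:
            return (now - ev["time"]).days
    return None
```

Run against a live contract, the same rules would alert on the first unannounced transfer rather than after the exposure window has elapsed.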

Security researchers from Web3 auditing platform Coinsult reported that a combination of privileged contract permissions and a backdated lock mechanism effectively transformed supposedly locked deposits into withdrawable balances. This allowed the attacker to repeatedly extract BNB from the affected contracts.

The incident only worsened concerns about the security of decentralized finance protocols. Data from DefiLlama shows that crypto-related exploits have resulted in more than $17 billion in losses over the years, with decentralized finance protocols accounting for approximately $7.8 billion of that total.

Source: https://coinpaper.com/17358/dx-sale-hack-drains-7-3-million-from-1-400-bnb-chain-investors