DxSale Security Incident Linked to BSC Atomic Transaction Vulnerability
Severity: Medium (Score: 54.6)
Sources: Techflowpost, Panewslab
Published: · Updated:
Keywords: security, vulnerability, dxsale, incident, atomic, transaction, affects
Severity indicators: vulnerability
Summary
On May 30, 2026, DxSale reported a security incident affecting its v1 staking contracts from 2021, resulting in approximately $7.3 million being withdrawn from over 1,400 liquidity pools. The vulnerability was caused by a compatibility issue with BNB Chain's newly launched Atomic Transaction feature, not an inherent flaw in later versions of DxSale's staking contracts. The company confirmed that v2 and later contracts, which have passed CertiK audits, remain secure. The incident has drawn significant attention from the on-chain security community, but DxSale has clarified that the exploit is limited to the early v1 architecture. The situation is currently under control, with the source of the problem identified and analyzed. Key Points: • DxSale's v1 staking contracts were exploited due to a BNB Chain Atomic Transaction vulnerability. • Approximately $7.3 million was withdrawn from over 1,400 liquidity pools linked to this incident. • All v2 and later staking contracts are secure and unaffected, having passed CertiK audits.
Detailed Analysis
**Impact** The incident affected DxSale’s early v1 staking contracts launched in 2021, resulting in unauthorized withdrawals totaling approximately $7.3 million from over 1,400 liquidity pools. Staked assets in v2, v3, and later contract versions remain secure and unaffected, having passed CertiK audits. The impact is confined to users and liquidity providers engaged with the v1 staking contracts on the BNB Chain ecosystem, with no reported geographic limitations. Business operations related to later contract versions continue without disruption. **Technical Details** The vulnerability exploited originated from a compatibility issue between BNB Chain’s newly launched Atomic Transaction feature and DxSale’s v1 staking contracts. The attack leveraged this atomic transaction mechanism to bypass security controls in the early contract architecture, enabling unauthorized fund withdrawals. No specific CVEs, malware, or IOCs were disclosed in the reports. The exploit occurred at the execution phase of the kill chain, targeting the contract’s permission logic. **Recommended Response** Defenders should ensure that all staking contracts are upgraded to v2 or later versions, which have been audited and confirmed secure. Monitoring for unusual atomic transaction patterns on v1 contracts is advised until those contracts are deprecated or disabled. No patches or specific indicators were provided; therefore, focus should be on contract version management and transaction anomaly detection within the BNB Chain environment.
Source articles (2)
- DxSale Responds to $7.3M Security Incident: Only Affects 2021 v1 Lock — Techflowpost · 2026-05-30
TechFlow reports that on May 30, DxSale released a statement regarding its recent security incident, explaining that the vulnerability stemmed from a compatibility issue between BNB Chain’s newly laun… - BSC atomic transaction vulnerability affects v1 locking, v2 and above security. — Panewslab · 2026-05-30
PANews reported on May 30 that DxSale responded to the security incident on the X platform, stating that the recent vulnerability originated from the atomic transaction function newly launched by BSC,…
Timeline
- 2026-05-30 — DxSale reports security incident: DxSale confirms a vulnerability affecting its v1 staking contracts, leading to $7.3 million in withdrawals.
- 2026-05-30 — Cause of vulnerability identified: The vulnerability was traced to BNB Chain's Atomic Transaction feature, affecting only v1 contracts.
- Recent — CertiK audit confirms security of later contracts: DxSale's v2 and above staking contracts have passed CertiK audits, ensuring their security.
Related entities
- Zero-day Exploit (Attack Type)
- DxSale (Company)
- Atomic Transaction (Platform)
- BNB Chain (Platform)
- BSC (Platform)