DxSale Suffers $7.3M Exploit Due to BNB Chain Compatibility Issue
Severity: High (Score: 64.5)
Sources: Techflowpost, www.cointime.ai, Bitget, Panewslab
Keywords: security, vulnerability, dxsale, incident, atomic, transaction, affects
Severity indicators: vulnerability
Summary
On May 30, 2026, DxSale reported a security incident involving a vulnerability in its v1 lockup contracts, launched in 2021, caused by a compatibility issue with BNB Chain's Atomic Transaction feature. The exploit led to the theft of approximately $7.3 million from over 1,400 liquidity pools. The affected contracts were identified, and it was confirmed that v2 and later contracts are secure and unaffected, having passed CertiK audits. The attack involved manipulating ownership through a backdoor contract, with the attacker transferring 2,958 BNB (around $1.87 million) to multiple wallets. DxSale reassured users that their funds in v2, v3, and subsequent versions remain safe. The incident has drawn significant market attention due to the scale of the theft and the nature of the vulnerability.
Key Points:
- The security incident involved a $7.3 million theft from DxSale's v1 lockup contracts.
- Only the v1 contracts launched in 2021 were affected; v2 and later contracts are secure.
- The exploit was enabled by a compatibility issue with BNB Chain's Atomic Transaction feature.
Detailed Analysis
**Impact** The exploit affected DxSale’s v1 staking/lockup contracts launched in 2021 on the BNB Chain, resulting in the theft of approximately $7.3 million across over 1,400 liquidity pools. Assets locked in v2 and later contract versions remain secure, having passed CertiK audits. The incident primarily impacts users and liquidity providers utilizing the early v1 architecture, with no reported geographic limitations beyond the BNB Chain ecosystem. No user data breach or operational downtime has been reported.
**Technical Details** The attack exploited a compatibility issue between BNB Chain’s newly introduced Atomic Transaction feature and DxSale’s v1 lockup contracts. The attacker manipulated ownership through a backdoor or permission flaw enabled by this incompatibility, allowing unauthorized withdrawals. The involved address 0xC4574DDE...2EeaFA69 transferred stolen funds, including 2,958 BNB (~$1.87 million), to multiple wallets and exchanges such as PancakeSwap and Binance deposit addresses. No specific CVEs or malware tools were identified in the reports.
**Recommended Response** Operators should ensure that only v2 and later versions of DxSale staking contracts are in use, as these have been audited and remain unaffected. Monitoring for transactions involving legacy v1 contracts on the BNB Chain is advised to detect potential exploitation attempts. Exchange and wallet providers should consider blocking or flagging transactions originating from the identified attacker address and related wallets. No patches are available for v1 contracts; migration to updated contract versions is recommended.
Source articles (4)
- DxSale Responds to $7.3M Security Incident: Only Affects 2021 v1 Lock — Techflowpost · 2026-05-30
  TechFlow reports that on May 30, DxSale released a statement regarding its recent security incident, explaining that the vulnerability stemmed from a compatibility issue between BNB Chain’s newly laun…
- DxSale Releases Statement on Security Incident: v2 and Above Lockup Contracts Unaffected — Bitget · 2026-05-30
  On May 31, DxSale released a statement regarding a recent security incident. The vulnerability stemmed from a compatibility issue between the newly launched Atomic Transaction feature on the BNB Chain…
- BSC atomic transaction vulnerability affects v1 locking, v2 and above security. — Panewslab · 2026-05-30
  PANews reported on May 30 that DxSale responded to the security incident on the X platform, stating that the recent vulnerability originated from the atomic transaction function newly launched by BSC,…
- Dxsale Releases Statement On Security Incident 77091 — www.cointime.ai · 2026-05-31
  On May 31, DxSale released a statement regarding a recent security incident. The vulnerability stemmed from a compatibility issue between the newly launched Atomic Transaction feature on the BNB Chain…
Timeline
- 2026-05-29 — Exploit of v1 lockup contracts: Approximately 1,400 liquidity pools were exploited, resulting in a theft of $7.3 million due to a backdoor contract.
- 2026-05-30 — DxSale releases statement on security incident: DxSale confirmed the vulnerability was linked to BNB Chain's Atomic Transaction feature affecting only v1 contracts.
- 2026-05-30 — CertiK audit confirms security of v2 and above: DxSale stated that all contracts from v2 and beyond are secure and unaffected by the incident, having passed audits.
- 2026-05-31 — Further statement released by DxSale: DxSale reiterated that the vulnerability is confined to the early v1 architecture and assured users of the safety of later contracts.
Related entities
- Data Breach (Attack Type)
- Zero-day Exploit (Attack Type)
- DxSale (Company)
- Binance (Company)
- Atomic Transaction (Platform)
- BNB Chain (Platform)
- BSC (Platform)
- PancakeSwap (Platform)