A suspected exploit targeting DxSale’s legacy liquidity-locking infrastructure has resulted in the withdrawal of approximately $7.3 million from more than 1,400 BNB Chain liquidity pools tied to projects from the 2021 crypto cycle.

According to on-chain investigators, the attacker may have gained control of a legacy locker contract nearly 269 days before the funds were drained, quietly moving ownership through dozens of wallets before executing the withdrawals.

Researchers claim the exploit may have involved manipulating locker settings and unlock dates, allowing long-locked liquidity positions to be treated as expired and withdrawn. Some analysts have also raised questions about whether the attacker had prior knowledge of DxSale’s infrastructure.

DxSale has acknowledged the incident and confirmed that an investigation is underway, but has not yet disclosed whether any funds can be recovered.