DxSale Releases Security Incident Statement: Locking Contracts of v2 and above Versions Were Not Affected

BlockBeats News, May 31: DxSale issued a statement on a recent security incident, where the vulnerability stemmed from an incompatibility between the newly launched Atomic Transaction feature on the BNB Chain and the early v1 lock contract. The affected contract was the v1 lock contract deployed in 2021. The issue has been identified and analyzed, with no impact on the v2 and higher version lock contracts, which have been audited by CertiK to ensure the security of locked assets. DxSale emphasized that all subsequent versions of lock contracts, such as v2 and v3, have not been affected by this incident, and the vulnerability is limited to the early v1 architecture.

On May 29, DxSale saw approximately 1400 old LPs from 2021 on the BNB Chain drained of $7.3 million, as the attacker exploited a backdoor contract to take control. The address involved, 0xC4574DDE...2EeaFA69, transferred 2958 BNB (about $1.87 million) to two main wallets, then deposited into multiple Binance addresses and exchanged tokens via PancakeSwap.