From May 28 to 29, 2026, a series of abnormal withdrawals from "old liquidity pools" on the BNB Chain brought the long-silent DxSale back into the public spotlight. Multiple crypto media outlets cited analysis by on-chain investigators Eye (Eyeonchains) and Tahax1, stating that more than 1,400 of the early liquidity pools associated with DxSale's locking service had their funds withdrawn in a concentrated burst, totaling approximately $7.3 million, with many of these locks traceable back to the early stages of the BNB Chain ecosystem in 2021. More strikingly, the suspicion this time was not of an external hacker attack; the withdrawals instead appeared to stem from “contract backdoors or admin privileges” being actively exploited: the LP locks once used to prove to retail investors that “the team would not run away” now stand accused of being tools for extracting the very assets they held. This shifted the characterization of the event from a single security incident to a systemic alarm about "centralized lock-up trust," forcing the entire market to reevaluate whether entrusting a project's life and death to third-party lock-up platforms is truly a safe choice.
From Mainstream Lock-Up Tools to the Eye of the Storm
Going back to 2021, the BNB Chain was still in its early, chaotic growth phase. According to background materials from various media, DxSale was one of the most frequently used liquidity locking platforms on-chain at that time. Many new projects locked their LP tokens into tools like DxSale immediately after establishing their first pools, then used screenshots of “locking for one year or two years” to tell the market that the team had no intention of withdrawing funds at any time. For project teams, this was the lowest-cost means to build a reputation and dispel fears of a “rug pull”; for retail investors, unable to understand contract code or track the flow of funds, this “LP is locked” proof became one of the few safety anchors when participating in early projects.
The core of this model is the use of a third-party contract in place of the project team's wallet to carry the promise of “frozen funds”: the LP is not in the team's hands, so even if the team wants to run, it must wait for the preset unlock time. The problem is that taking this “key” from the project team does not equate to true decentralization; it concentrates the power of life and death within the lock-up contract itself. Once this contract holds permissions that can be operated centrally, or has backdoors in its design, the tool that was meant to provide a safety endorsement can become an entry point for asset extraction many years later. The assets withdrawn this time were described by multiple parties as coming from “the earliest liquidity pools,” with the corresponding locks traceable back to 2021. That directly punctures the narrative, used in the industry for many years, that “handing LP over to a reputable lock-up platform equals fulfilling a safety commitment.”
1,400 Pools Hollowed Out: The Path Uncovered by On-Chain Tracking
According to on-chain analysis disclosed by Eye and Tahax1, within the short span of May 28-29, over 1,400 liquidity pools associated with DxSale on the BNB Chain exhibited the same anomaly: funds that had been regarded as locked for years were withdrawn within a very narrow time frame. Media summaries of these transactions estimated the scale of the withdrawals at about $7.3 million, and so far no authoritative counter-data has put forward a different figure, making “bulk extraction of early LPs” the working assumption of public discourse.
The technical context provided by on-chain investigators is also relatively consistent: the issue was not merely a one-time transfer, but involved a covert ownership transfer that shifted control of the LP, originally belonging to project teams and users and held in custody in the DxSale lock-up contract, to a new operator address. These funds were then broken up, withdrawn in batches from the relevant pools, and routed through more than 80 intermediary wallets, deliberately lengthening the path and splitting the amounts to make tracing harder. Some media, after mapping the relationships between addresses, noted that at least one of the addresses operating on a key path had potential ties to the DxSale team, describing this clue as “strongly pointing to team-related wallets,” but in the absence of judicial or official investigation conclusions, this claim remains at the level of on-chain analysis and public accusation, rather than an officially substantiated fact.
If a Lock-Up Contract Has a Backdoor, Users Become Hostages
The recent concentrated withdrawal of early LPs associated with DxSale on the BNB Chain has been classified by multiple media as a “suspected internal backdoor attack or abuse of admin privileges” rather than a typical external hacker intrusion. At the core of that classification lies an implicit premise: this liquidity, meant to be “locked long-term,” is still controlled by some invisible key. For project teams and token holders who have handed LPs over to lock-up platforms since 2021, a “long-term lock-up” does not simply mean handing tokens over to fully public, rule-defined code on the chain; it means entrusting the security of the assets and control over the unlock time to the platform's permission design. As long as there are undisclosed backdoors or excessive admin privileges within the contract, users lose control over when their assets can move and can become “hostages” at any moment.
Complicating matters further, there is not yet a cross-validated technical analysis report on whether the DxSale contract does have a built-in backdoor or on how its admin privileges are actually configured. Public documents do not provide reproducible details about the specific attack steps, leaving most technical details at the level of individual analysts' speculation. In other words, the market's alarm about the “invisible admin key” stems mostly from on-chain analyses and media reports, and the platform has not given a complete technical explanation of the contract's permission structure. This information asymmetry amplifies panic and means that any external interpretation of the nature of the event carries significant uncertainty.
The Collective Examination of Centralized Lock-Up: Who Else is Exposing Risks?
Under the DxSale model, project parties chose to hand over LP tokens to a third-party lock-up largely due to the brand's reputation and the convenience of one-click operations. Some analyses point out that these custodial lock-up platforms often tout a security narrative of “cannot unlock early,” but once critical information such as whether the contract is open-source or how admin privileges are set remains opaque, “who holds the key” becomes a single point of failure. The funds that were withdrawn this time were concentrated in the early LP token pools locked since 2021, effectively betting the long-term security of all early BNB Chain projects on an external contract and its permission design, rather than on a structure that could be audited by the project party and fully self-custodied.
After the incident was exposed, multiple media and commentators treated it as a typical risk case “involving lock-up contract backdoors or admin privileges.” It directly undermined the industry consensus that “as long as it's locked up, it equals safety,” and LP assets with longer lock-up periods and heavier reliance on platform credit have begun to be revalued. Community discussions quickly focused on three technical dimensions: whether the lock-up contract is fully open-source, whether privileges are strictly constrained, and whether multi-signature or decentralized governance is introduced to disperse key control. Judging from the current public discourse, the market is incorporating “whether it has undergone serious audits, whether permission models are sufficiently disclosed” into the fundamentals of projects, making it difficult for other providers using similar centralized custodial lock-up models to avoid equally strict questions about how open their contracts are, how transparent their permissions are, and what standard of external audit they have met.
After $7.3 Million: What Can Users and Project Parties Learn?
Regardless of how the final technical details, the responsible parties, and the ultimate flow of this approximately $7.3 million are eventually reconstructed, the abnormal withdrawals surrounding the early LPs of DxSale have essentially undermined the foundational assumption that “handing chips over to third-party lock-up platforms equals fulfilling safety commitments.” For ordinary users and project teams, a more realistic path to self-protection is not to remember which brand has a “good reputation,” but to prioritize solutions with fully open-source contracts and permission boundaries clearly written in code: whether the contract explicitly lists who can move the LP, whether there is a single-point admin, and whether key operations must be authorized collectively through multi-signature or similar mechanisms, rather than relying on a centralized account whose rules can change at any time. In the longer term, events like this often drive upgrades in permission management and audit standards, and this instance is likely no exception. What is worth watching next is whether more systematic evidence analysis or law enforcement action appears on-chain, whether DxSale and similar platforms will produce organized technical explanations and rectification plans, and whether a broader range of projects and users will accelerate their migration to lock-up and governance tools with more decentralized permissions and greater transparency.
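The checklist above (who can move the LP, whether there is a single-point admin) can be started from a locker's published ABI before reading its source. The following is an added example, not code from the article or from any lock-up platform; the ABI, the function names in it, and the keyword lists are constructed assumptions, and the check is a heuristic that only tells a reviewer which functions to read first.

```python
# Added example: heuristic triage of a locker ABI. All names below are constructed.
ADMIN_HINTS = ("owner", "admin", "emergency", "migrate", "upgrade", "rescue")
MOVE_HINTS = ("withdraw", "transfer", "sweep", "rescue", "migrate")

def fn(name, inputs, mutability="nonpayable"):
    """Build one ABI function entry from (type, name) input pairs."""
    return {"type": "function", "name": name, "stateMutability": mutability,
            "inputs": [{"type": t, "name": n} for t, n in inputs]}

# Constructed ABI for a hypothetical LP locker; not any real platform's interface.
SAMPLE_ABI = [
    fn("lock", [("address", "lpToken"), ("uint256", "amount"), ("uint256", "unlockTime")]),
    fn("unlock", [("uint256", "lockId")]),
    fn("getLock", [("uint256", "lockId")], "view"),
    fn("owner", [], "view"),
    fn("transferOwnership", [("address", "newOwner")]),
    fn("emergencyWithdraw", [("address", "lpToken"), ("address", "to"), ("uint256", "amount")]),
]

def triage_locker_abi(abi):
    """Map each state-changing function to the reasons it needs a source-level read."""
    findings = {}
    for item in abi:
        if item.get("type") != "function":
            continue
        if item.get("stateMutability") in ("view", "pure"):
            continue  # read-only calls cannot move LP tokens
        name = item["name"].lower()
        takes_address = any(i["type"] == "address" for i in item.get("inputs", []))
        reasons = []
        if any(h in name for h in ADMIN_HINTS):
            reasons.append("admin-style name: check who may call it")
        if takes_address and any(h in name for h in MOVE_HINTS):
            reasons.append("moves assets or control to a caller-supplied address")
        if reasons:
            findings[item["name"]] = reasons
    return findings

def has_single_owner_pattern(abi):
    """True when the ABI exposes owner() plus a way to reassign it."""
    names = {i.get("name") for i in abi if i.get("type") == "function"}
    return "owner" in names and "transferOwnership" in names

if __name__ == "__main__":
    for name, reasons in triage_locker_abi(SAMPLE_ABI).items():
        print(name, "->", "; ".join(reasons))
    print("single-owner pattern:", has_single_owner_pattern(SAMPLE_ABI))
```

An ABI cannot show whether the address behind `owner()` is a multi-signature wallet or a single key, so that still has to be checked on-chain and in the contract source.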




