DLMC Token, associated with the Decentralized Legacy Management Corporation project on BNB Chain, experienced a treasury drain totaling roughly $222,560 in USDT on June 24, 2026. TenArmor Security first flagged the suspicious activity through its monitoring systems, alerting the community to the incident shortly after it unfolded around 11:15 UTC in BNB Chain block 106091607. The perpetrator used a flash loan to manipulate the protocol’s internal token price, allowing redemption of referral rewards at an inflated rate before repaying the loan and extracting the profit.
🚨TenArmor Security Alert🚨
Our system has detected a suspicious attack involving #DLMC on #BSC, resulting in an approximate loss of $222.6K.
Attack transaction: https://t.co/Xv6AsO63fQ
With TenArmor’s TenMonitor, you get early detection and automated response to on-chain…
— TenArmorAlert (@TenArmorAlert) June 25, 2026
Vulnerable Contract: 0xf2ca2a3572b26ae7c479dc7ae36d922113b1bdf2
Attacker’s Externally Owned Account: 0x74c4a756933d0f713facb1dea325ef511646c3b1
Profit Receiver Address: 0x701bb7b460ae231dbbcfa3d87f0ab5b458429699
The attacker initiated a flash swap of approximately 1.42 million USDT from a PancakeSwap pair at 0x16b9a8…eb0dae. Helper contracts then executed large buys totaling over 1.42 million USDT worth of DLMC tokens. This significantly boosted the contract’s USDT reserves.
The protocol’s pricing logic calculated livePrice based on USDT reserves divided by externally circulating supply, excluding most newly minted tokens held by the contract itself. This caused the internal price to surge from around 0.41 USDT per DLMC to nearly 25 USDT. One helper address received referral or DAO reward tokens and sold approximately 65,908 DLMC back into the contract at the inflated price.
In total, the contract disbursed about 1.646 million USDT. After repaying roughly 1.424 million USDT for the flash loan, the attacker retained the net profit of $222,560. The root cause centered on the interplay between deposit functions that mint new DLMC primarily to the contract address and the _updatePrice mechanism, which did not count those newly minted, contract-held tokens in the circulating supply denominator. Referral rewards became immediately redeemable against the manipulated reserves.
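The pricing behaviour described above can be reproduced in a small model. This is an added example, not the DLMC contract's code: the `Treasury` class, its method names, the starting balances and the `redemption_allowed` guard are all assumptions chosen so the price starts near 0.41 USDT, and the full-supply denominator is one possible correction rather than the project's fix.

```python
# Added illustration: a toy model of the pricing rule described in the article.
# All balances are constructed; they are not the contract's real on-chain state.
from dataclasses import dataclass

@dataclass
class Treasury:
    usdt_reserves: float     # USDT held by the contract
    total_supply: float      # all DLMC minted so far
    held_by_contract: float  # DLMC minted to the contract's own address

    def live_price_flawed(self) -> float:
        # Rule as described: reserves / externally circulating supply.
        return self.usdt_reserves / (self.total_supply - self.held_by_contract)

    def live_price_full_supply(self) -> float:
        # Assumed alternative: every minted token counts in the denominator.
        return self.usdt_reserves / self.total_supply

    def deposit(self, usdt: float, price: float) -> None:
        # A deposit adds USDT to reserves and mints DLMC to the contract itself.
        minted = usdt / price
        self.usdt_reserves += usdt
        self.total_supply += minted
        self.held_by_contract += minted

def price_move(pricing, deposit_usdt: float) -> tuple[float, float]:
    """Return (price before, price after) one deposit under a pricing rule."""
    t = Treasury(usdt_reserves=23_700.0, total_supply=57_800.0,
                 held_by_contract=0.0)
    before = pricing(t)
    t.deposit(deposit_usdt, before)
    return before, pricing(t)

def redemption_allowed(before: float, after: float, max_move: float = 0.10) -> bool:
    # Assumed guard: refuse reward redemption when the internal price has
    # moved more than max_move since the last checkpointed price.
    return abs(after - before) / before <= max_move

if __name__ == "__main__":
    for rule in (Treasury.live_price_flawed, Treasury.live_price_full_supply):
        before, after = price_move(rule, 1_420_000.0)
        print(rule.__name__, round(before, 4), round(after, 4),
              redemption_allowed(before, after))
```

With the circulating-only denominator a single large deposit moves the quoted price by a factor of about sixty, while the full-supply denominator leaves it unchanged because minting and reserves grow in proportion.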
DLMC operates as a decentralized finance protocol focused on legacy management and community-powered digital assets. Details on the project’s total value locked or broader user impact remain limited in immediate post-incident reporting, though the drain primarily affected treasury funds rather than external liquidity pools. The exploit also follows a broader pattern of treasury-focused attacks seen this year, including the recent Ink Finance incident on Polygon, where attackers combined a whitelist flaw with flash-loan mechanics to drain protocol funds. Similar cases have highlighted how economic vulnerabilities can be just as damaging as coding errors.
This incident adds to a series of smaller-scale DeFi exploits in 2026 that have targeted economic design flaws rather than core smart contract access controls. Recent attack data suggests that these types of exploits remain persistent across the industry. According to a report covering crypto security incidents in May, hackers stole more than $84 million across dozens of attacks, with flash loans and protocol design weaknesses continuing to be recurring themes. Flash loan attacks continue to test protocols with self-referential pricing or reward mechanisms, particularly on chains like BNB where transaction costs facilitate rapid testing and execution.
The DLMC exploit also bears similarities to the attack on Royal’s legacy royalties contract on Polygon, where a flaw in internal accounting enabled an attacker to extract funds without compromising private keys or administrative controls. Both incidents underscore the risks associated with flawed protocol logic and reward mechanisms. Project representatives had not issued a public statement at the time of publication.