Saga, a Layer-1 blockchain protocol designed for high-throughput decentralized applications, has suspended its SagaEVM chainlet following a major security incident that resulted in the unauthorised transfer of approximately $7 million in bridged assets to Ethereum. The protocol confirmed the breach in a Jan. 21 announcement , stating that the exploit involved a carefully orchestrated series of contract deployments, cross-chain operations, and liquidity extractions. According to the project team, the decision to halt the Ethereum-compatible SagaEVM chain was taken “out of an abundance of caution,” freezing the chain at block height 6,593,800 while investigations continue. In the meantime, Saga has confirmed that the core infrastructure remains intact, noting there was “no consensus failure, validator compromise, or signer key leakage.” Further, its mainnet, Saga SSC, and other chainlets were not impacted, and protocol-level consensus continues to function without issue. The impact of the attack was immediately visible across the protocol’s ecosystem. Saga Dollar, the network’s flagship stablecoin pegged to the US dollar, lost its peg at approximately 10:16 pm UTC on Jan. 21, falling to a low of $0.75, according to CoinGecko. Meanwhile, the total value locked on the network also dropped sharply as network users started moving funds out. Data from DeFiLlama showed that TVL on Saga collapsed from over $37 million to just $16 million within 24 hours of the exploit. A coordinated attack While Saga has yet to publish an official post‑mortem, several community‑led theories have emerged around the exploit. One such assessment came from threat researcher Vladimir S, who suggested the attacker may have executed a multi‑step strategy involving IBC mechanisms and custom message payloads, potentially allowing Saga’s stablecoin to be minted without corresponding collateral. According to Vladimir, the exploit appeared to bypass bridge validation by abusing precompile logic, enabling the attacker to mint Saga Dollar ($D) “out of thin air.” Another theory came from a pseudonymous X user going by Spectre, who speculated that the attack may have been the result of a private key compromise. The incident also affected Saga’s Colt and Mustang environments, which were tied into the same cross-chain infrastructure. Post incident safeguards in play While full technical details are yet to be disclosed, an on-chain wallet, 0x2044697623afa31459642708c83f04ecef8c6ecb, has been identified as the destination of the stolen funds. Saga said it is working with exchanges and bridge operators to blacklist the address and prevent further movement of the assets. In the meantime, it has enacted several emergency safeguards, including restricting relevant cross-chain activities and reviewing execution traces and archive node data to fully understand the exploit’s scope. Engineers are now working to patch vulnerabilities and strengthen SagaEVM’s components before any potential restart. The chainlet will remain offline until the remediation process is completed and the team is confident that no further risk exists. No timeline has been provided for resuming operations. “We recognize that a pause is disruptive. We made this decision because the safety of our community comes first,” the team wrote in its latest status update. The Saga incident adds to a growing list of targeted attacks in the crypto space. Chainalysis estimates that total crypto hack-related losses reached $3.41 billion in 2025 . The post Saga pauses SagaEVM after $7M exploit drains bridged assets appeared first on Invezz
