Saga Hacked For $7 Million, Pauses SagaEVM Chain

Layer 1 protocol Saga suffered a security exploit on its SagaEVM chain, draining nearly $7 million and prompting the project to pause the network. At the same time, it finalizes its investigation and remediation efforts, according to a blog post.

According to on-chain analysis, the attacker minted Saga Dollar (D) tokens without collateral, bridged the assets to Ethereum, and converted much of them into over 2,000 ETH valued at more than $6 million, with an additional $800,000 deployed into Uniswap V4 liquidity positions.

Saga halted the SagaEVM chain once it identified the incident on January 21 and has kept the chain stopped “out of an abundance of caution” while it assesses the full scope of the exploit, addresses the vulnerability, and reinforces overall system security.

The team acknowledged that suspending the chain is disruptive for users but emphasized that protecting the community’s funds and the protocol’s integrity takes priority. Saga said it will release a detailed technical post-mortem once remediation steps are finished and its conclusions are fully verified.

Protocol Working To Blacklist The Attacker

According to Saga, it has identified the wallet that received the extracted assets.

Saga is coordinating with exchanges and bridge operators to blacklist the attacker’s address in an effort to limit the movement of the stolen funds and support any potential recovery measures. The team is also conducting a forensic analysis using archive data and execution traces to reconstruct the attack path.

Saga said the incident did not affect its broader infrastructure, including the SSC mainnet or core consensus layer, and found no evidence of validator compromise, consensus failure, or leaked signer keys.

The attack comes at a time when there is a prevalence of crypto exploits, with data from Chainalysis saying that losses have been more than $3.41 billion in 2025.

Related News: