The Layer-1 blockchain protocol Saga has temporarily halted its SagaEVM chainlet following a significant security breach that saw roughly $7 million stolen.
The incident involved unauthorized funds being bridged out and converted into Ether, prompting an immediate pause to safeguard users and the network.
The Saga team confirmed the action in an X post on Wednesday, noting the chain was paused at block height 6,593,800 while engineers investigate the incident.
How the Attack Happened
In a detailed follow-up on Medium, Saga explained that the exploit appeared to be a coordinated series of actions, including new contract deployments, cross-chain activity, and subsequent liquidity withdrawals.
The team emphasized that the broader Saga network remains intact: there was no consensus failure, no validator compromise, and no leakage of signer keys.
To prevent similar attacks, additional safeguards have already been implemented across the platform.
Stablecoins Also Impacted
Alongside SagaEVM, Saga’s stablecoins, Colt and Mustang, were affected.
The chain will remain paused until the engineering and security teams complete their full investigation and release a detailed post-mortem report.
Meanwhile, the team has identified the attacker’s wallet and is actively working with exchanges and bridges to blacklist the address, preventing further misuse of the stolen funds.
Market Impact
The incident immediately shook Saga’s ecosystem.
The platform’s US dollar-pegged stablecoin briefly dropped to $0.75, according to CoinGecko.
Total Value Locked (TVL) on the network also took a hit, plummeting from over $37 million to $16 million in just 24 hours, based on DeFiLlama estimates.
Experts Weigh In on the Exploit
While Saga has not yet released a complete post-mortem, security researchers have offered theories on how the attack unfolded.
Vladimir S, a threat researcher, suggested the exploit may have allowed the attacker to mint unlimited Saga Dollars through a helper contract that exploited IBC mechanisms with custom messages.
By bypassing validation in the precompile bridge logic, the attacker could generate tokens without collateral.
Another on-chain investigator, going by the handle Specter, speculated it could involve a private key compromise, though admitted there’s limited information available.
What Comes Next
Saga’s team is taking a cautious approach, leaving the chain paused until all investigations are complete.
Users and investors are advised to follow updates closely, as the platform works to restore security, stabilize the ecosystem, and recover community trust.
The Saga incident underscores the ongoing risks in blockchain ecosystems, highlighting the importance of rigorous smart contract audits, cross-chain security measures, and rapid response protocols in safeguarding digital assets.
Share on Facebook «||» Share on Twitter «||» Share on Reddit «||» Share on LinkedIn