Join Our Telegram channel to stay up to date on breaking news coverage
Layer 1 protocol Saga suffered a security exploit on its SagaEVM chain, draining nearly $7 million and prompting the project to pause the network. At the same time, it finalizes its investigation and remediation efforts, according to a blog post.
According to on-chain analysis, the attacker minted Saga Dollar (D) tokens without collateral, bridged the assets to Ethereum, and converted much of them into over 2,000 ETH valued at more than $6 million, with an additional $800,000 deployed into Uniswap V4 liquidity positions.
Saga halted the SagaEVM chain once it identified the incident on January 21 and has kept the chain stopped “out of an abundance of caution” while it assesses the full scope of the exploit, addresses the vulnerability, and reinforces overall system security.
SagaEVM remains paused while we finalize the results of our investigation into the Jan 21 exploit.
We’re working with partners on remediation and will publish a post-mortem once findings are fully validated. $7M of USDC was bridged out and converted to ETH.
Extracted funds were…
— Saga ⛋ (@Sagaxyz__) January 22, 2026
“We’re working with partners on remediation and will publish a post-mortem once findings are fully validated,” Saga said.
The team acknowledged that suspending the chain is disruptive for users but emphasized that protecting the community’s funds and the protocol’s integrity takes priority. Saga said it will release a detailed technical post-mortem once remediation steps are finished and its conclusions are fully verified.
Protocol Working To Blacklist The Attacker
According to Saga, it has identified the wallet that received the extracted assets.
Saga is coordinating with exchanges and bridge operators to blacklist the attacker’s address in an effort to limit the movement of the stolen funds and support any potential recovery measures. The team is also conducting a forensic analysis using archive data and execution traces to reconstruct the attack path.
Saga said the incident did not affect its broader infrastructure, including the SSC mainnet or core consensus layer, and found no evidence of validator compromise, consensus failure, or leaked signer keys.
The attack comes at a time when there is a prevalence of crypto exploits, with data from Chainalysis saying that losses have been more than $3.41 billion in 2025.
Related News:
Best Wallet – Diversify Your Crypto Portfolio
- Easy to Use, Feature-Driven Crypto Wallet
- Get Early Access to Upcoming Token ICOs
- Multi-Chain, Multi-Wallet, Non-Custodial
- Now On App Store, Google Play
- Stake To Earn Native Token $BEST
- 250,000+ Monthly Active Users
Join Our Telegram channel to stay up to date on breaking news coverage