Quick Breakdown
- Saga paused its SagaEVM chainlet after a $7m exploit involving cross-chain fund movement.
- Saga Dollar briefly depegged to $0.75 as TVL dropped sharply within 24 hours.
- The attacker’s wallet has been identified, with blacklisting efforts underway.
Layer-1 blockchain protocol Saga has paused its Ethereum-compatible SagaEVM chainlet after a $7 million exploit that allowed an attacker to move unauthorized funds across chains and swap them into Ether.
In a post shared on X on Wednesday, Saga said the chainlet was halted at block height 6,593,800 as an emergency response. A subsequent Medium update explained that early findings point to a coordinated attack involving malicious contract deployments, cross-chain interactions and rapid liquidity withdrawals.
SagaEVM has been paused at block height 6593800 in response to a confirmed exploit on the SagaEVM chainlet.
Mitigation is underway, and the team is fully focused on a solution.
Further updates will follow once details are confirmed.
— Saga ⛋ (@Sagaxyz__) January 21, 2026
Saga stressed that the incident did not involve a consensus breakdown, validator breach or leaked signer keys, noting that the wider network remains secure. Additional safeguards have since been deployed while investigations continue.
Stablecoins hit as Saga Dollar briefly depegs
Beyond the SagaEVM chainlet, the exploit also affected Saga-linked stablecoins Colt and Mustang. Saga said the chain will remain paused until its engineering and security teams complete a full review and publish a detailed post-mortem.
Saga Dollar, the protocol’s flagship USD-pegged stablecoin, briefly lost its peg late Wednesday, dropping to about $0.75 around 10:16 pm UTC, according to CoinGecko.
The fallout was also visible in on-chain metrics. Data from DefiLlama shows Saga’s total value locked (TVL) slid sharply, falling from more than $37 million to roughly $16 million within 24 hours. Saga launched Mainnet 2.0, an upgrade to tackle liquidity fragmentation in blockchain ecosystems, in December 2024.
Saga added that it has identified the attacker’s wallet and is working with exchanges and bridge operators to blacklist the address and limit further fund movement.
Theories emerge as the investigation continues
Saga has yet to confirm the root cause of the exploit, and external analyses remain speculative. Security researcher Vladimir S suggested the attacker may have exploited cross-chain logic to mint Saga Dollar without collateral, potentially abusing IBC-related mechanisms via custom contract messages.
Another on-chain investigator, known as Specter, floated the possibility of a private key compromise, while cautioning that available information is still limited.
For now, Saga says its priority is containment, transparency and restoring confidence once a full technical breakdown is ready.
If you would like to read more articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
