Saga pauses network operations after $7 million exploit
An attacker exploited a vulnerability in SagaEVM, bridged roughly $7 million to Ethereum, and prompted the team to halt the network.
22.01.2026 - 08:55
289
2 min
0
Key points:
- A critical vulnerability was identified on Saga’s Layer 1 network.
- An attacker stole around $7 million and transferred the funds to Ethereum.
- SagaEVM has been paused pending the completion of the investigation.
On January 21, 2026, the Saga team disclosed a security incident affecting the SagaEVM network, in which an attacker gained access to assets worth approximately $7 million. After the incident was identified, the project suspended operations.
Developers said the incident did not affect the Saga protocol’s consensus, validator security, or other chains within the ecosystem. The Saga mainnet (SSC mainnet) continues to operate normally.
Incident details
The exploit stemmed from a vulnerability in smart contracts linked to cross-chain operations on SagaEVM. The attacker leveraged a chain of contracts and the bridge mechanism to extract liquidity from the network.
Saga said the underlying blockchain itself was not compromised. Consensus operations were not disrupted, validators continued to function as expected, and no governance or control key leaks were detected.
After the attack was identified, SagaEVM was paused at block 6,593,800. The stolen funds were bridged to the Ethereum network and are currently held at a single wallet address 0x2044697623afa31459642708c83f04ecef8c6ecb.
Following the incident, several Saga ecosystem stablecoins — including Saga Dollar, Colt and Mustang — came under liquidity pressure. According to market data, the main stablecoin briefly lost its dollar peg, while the protocol’s total value locked fell sharply.
Useful material?
Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Telegram
Twitter