Saga announced a pause in its Saga EVM blockchain in response to a hack that cost nearly $7 million earlier today.
The scaling solution describes itself as a “gas-free EVM environment that gives you the full Ethereum experience.” Saga’s broader ecosystem would include Web3, DeFi, and AI gaming agents.
User X rukawa.eth raised the alarm shortly after the attack, with blockchain security firm Decurity reporting the hack four hours later.
Saga’s official X account later confirmed the exploit, informing users that the channel is on hiatus.
Learn more: Gmak! Flash Loan Hack Hits DeFi Platform Makina for $5 Million
With few details surrounding the incident, the root cause of the exploit remains unclear.
According to Decurity’s alert, the attacker “created D (Saga Dollar) tokens from scratch with a support contract that abused IBC mechanisms with personalized messages.”
However, “Onchain Investigator” Specter suggests loss may be due to private key compromise.
Whatever the cause, blockchain data shows that the stolen funds were sent back to an Ethereum address such as USDC.
In order to avoid being frozen, they were then exchanged for native ether (ETH) via KyberSwap, 1inch and CoW Swap. The address currently holds approximately 2,089 ETH, valued at just over $6 million.
Other tokens, including YieldFi’s yUSD and yETH, totaling around $850,000, were also bridged. These were then deposited into Uniswap liquidity pools.
The Saga-based stablecoin D is down 25% since the hack, according to CoinGecko data. The exploiter’s Saga EVM address still contains over 12 million D tokens.
Learn more: Legacy DeFi platforms lose $27 million as hacking frenzy continues into 2026
DeFi Danger
Today’s incident is the latest in what appears to be a resurgence of DeFi hacks in recent weeks.
Already this year, more than $30 million has been stolen by hackers, the majority of which ($26 million) lost by Truebit. Indeed, just yesterday, two attacks hit the DeFi platform Makina and the gaming/AI project SynapLogic.
The trend appeared to accelerate towards the end of 2025, a year mainly dominated by larger exchange hacks.
However, starting in December, a series of older DeFi protocols were targeted, with some suspecting that an AI-assisted exploiter could be looking for previously unnoticed vulnerabilities.
Do you have any advice? Send us an email securely via Proto leaks. For more informed news, follow us on X, Blue skyAnd Google Newsor subscribe to our YouTube channel.
