Join our Telegram channel to stay up to date with the latest news
Layer 1 protocol Saga suffered a security exploit on its SagaEVM chain, draining nearly $7 million and prompting the project to suspend the network. At the same time, it is finalizing its investigation and remediation efforts, according to a blog post.
According to on-chain analysis, the attacker created uncollateralized Saga Dollar (D) tokens, linked the assets to Ethereum, and converted a large portion of them into over 2,000 ETH worth over $6 million, with an additional $800,000 deployed into Uniswap V4 liquidity positions.
Saga shut down the SagaEVM channel after identifying the incident on January 21 and has kept the channel down “out of an abundance of caution” while it assesses the full scope of the exploit, fixes the vulnerability, and strengthens overall system security.
SagaEVM remains on hiatus while we finalize the results of our investigation into the January 21 exploit.
We are working with partners on remediation and will publish a post-mortem once the results are fully validated. $7 million worth of USDC was filled and converted to ETH.
The funds extracted were…
–Saga ⛋ (@Sagaxyz__) January 22, 2026
“We are working with partners on remediation and will release a post-mortem analysis once the results are fully validated,” Saga said.
The team acknowledged that the chain suspension was disruptive to users, but emphasized that protecting community funds and the integrity of the protocol was a priority. Saga said it will release a detailed technical post-mortem once the remediation steps are completed and its findings are fully verified.
Protocol to blacklist attacker
According to Saga, it identified the wallet that received the mined assets.
Saga coordinates with exchanges and bridge operators to blacklist the attacker’s address in an effort to limit the movement of stolen funds and support any potential recovery measures. The team also conducts forensic analysis using archival data and execution traces to reconstruct the attack path.
Saga said the incident did not affect its broader infrastructure, including the SSC mainnet or core consensus layer, and found no evidence of validator compromise, consensus failure, or leaks of signer keys.
The attack comes at a time when cryptographic exploits are widespread, with data coming from On-Chain Analysis saying losses were more than $3.41 billion in 2025.
Related news:
Best Wallet – Diversify your crypto portfolio
- Easy-to-use, feature-driven crypto wallet
- Get Early Access to Upcoming Token ICOs
- Multi-chain, multi-wallet, non-custodial
- Now on App Store, Google Play
- Stake to win a $BEST native token
- More than 250,000 active users per month
Join our Telegram channel to stay up to date with the latest news
