Layer-1 blockchain protocol Saga has paused its SagaEVM chainlet following a $7 million exploit that allowed unauthorized funds to be bridged out and converted into Ether.
The team announced on X on Wednesday that the Ethereum-compatible chain was paused at block height 6,593,800 in response to the incident.
In a follow-up post on Medium, Saga said its investigation indicates the exploit “involved a coordinated sequence of contract deployments, cross-chain activity, and subsequent liquidity withdrawals.”
The team emphasized that the incident did not involve a consensus failure, validator compromise, or leakage of signer keys, and that the broader Saga network remains structurally sound. Additional safeguards have been implemented to help prevent similar attacks in the future.
Alongside the SagaEVM chainlet, the platform’s other stablecoins, Colt and Mustang, were also affected, Saga said. The chain will remain paused while engineering and security teams conduct a full investigation and publish a post-mortem.
In the meantime, Saga reported that it has identified the wallet address where the stolen funds were sent and is “working with exchanges and bridges to blacklist this address.”
The platform’s US dollar–pegged stablecoin de-pegged on Wednesday around 10:16 pm UTC, dropping to $0.75, according to CoinGecko. Saga’s total value locked (TVL) also fell sharply, with DeFiLlama estimating a decline from over $37 million to $16 million within 24 hours.
While Saga has not yet released a detailed post-mortem, security experts have weighed in. Threat researcher Vladimir S suggested the exploit may have allowed the attacker to mint unlimited Saga Dollars. “By crafting custom messages or payloads, the contract bypassed validation in the precompile bridge logic, enabling infinite minting of $D tokens without collateral,” he explained.
Meanwhile, an on-chain investigator known as Specter speculated the incident could involve a private key compromise, though noted that “there is not much info” available at this stage.
