$7 million drained from SagaEVM chainlet; developers pause network to assess impact and strengthen security.
Blockchain developer Saga has paused its SagaEVM chain following an exploit that moved roughly $7 million in assets off the network, with the attacker routing the funds to Ethereum and swapping them into ETH, according to the project and reports covering the incident.
The chain was stopped at a specific block height after Saga detected what it described as a “security incident” on Wednesday.
The team has kept SagaEVM offline while assessing the full impact, developing a fix, and hardening the system. A more detailed technical post-mortem is expected once investigations conclude.
The Breach and What Wasn’t Affected
In the Wednesday blog post, Saga reported that the stolen assets included USDC, yUSD, ETH, and tBTC.
The exploit involved a coordinated series of contract deployments, cross-chain activity, and liquidity withdrawals, resulting in nearly $7 million being transferred to the Ethereum Mainnet.
The exploiter’s wallet has been identified as 0x2044697623afa31459642708c83f04ecef8c6ecb, and Saga is working with exchanges and bridges to blacklist the address and recover the stolen funds.
The attacker then bridged the assets to Ethereum and executed swaps, a common tactic used to make recovery more difficult.
Saga confirmed that the incident was limited to the SagaEVM “chainlet,” affecting only Colt and Mustang.
Its mainnet, consensus layer, validator security, and other chainlets were unaffected. The company added that there is no evidence of validator compromise, signer key leaks, or consensus failures, indicating the issue was isolated to the application layer rather than a deeper protocol vulnerability.
Recovery Efforts and Industry Context
As a precaution, the SagaEVM chain was paused at block height 6,593,800 while engineering and security teams carry out a full forensic investigation.
Saga stated that the pause is intended to prevent further impact, assess the full scope of the incident using archive data and execution traces, and reinforce affected components before the chain is restarted.
The company confirmed that the broader network remains secure. The mainnet, other chainlets, protocol consensus, validator security, and signer keys were not affected. There has been no consensus failure, and no additional parts of the network have been compromised.
Saga outlined next steps, which include completing root cause analysis, patching and hardening affected cross-chain and deployment components, coordinating with ecosystem partners, and publishing a detailed technical post-mortem describing the incident, the measures taken, and the safeguards implemented.
Check out DailyCoin’s hottest crypto news today:
Solana Goes TradFi: Ondo Brings 200+ Tokenized Stocks and ETFs On-Chain
Solana ETF Bid & State-Backed Stablecoin Puts 2026 “Super-cycle” in Play
