Layer-1 network Saga paused its SagaEVM chain after an exploit that moved nearly $7m in tokens to Ethereum, as the team works through an ongoing investigation.
Saga said it stopped the chain at block height 6593800 after identifying a security incident on Jan. 21, and it has kept the network paused “out of an abundance of caution” while it validates the full impact and patches the weakness and reinforces the system.
“We recognize that a pause is disruptive. We made this decision because the safety of our community comes first,” the team said Wednesday in its blog. “Once remediation is complete, we will publish a more comprehensive technical post-mortem.”
Saga Identifies Wallet Linked To $7M Exploit
In its investigation update, Saga said nearly $7M in USDC, yUSD, ETH, and tBTC were transferred to the Ethereum Mainnet, and it identified the wallet it was extracted to.
The team said it is coordinating with exchanges and bridge operators to blacklist the attacker’s address and support recovery efforts, while it continues forensic analysis using archive data and execution traces.
Saga described the attack as a coordinated sequence involving contract deployments and cross-chain activity that ended in rapid liquidity withdrawals.
Chainalysis Estimates $3.4B In Crypto Theft In 2025
Reports on the incident also said the attacker bridged assets to Ethereum and converted proceeds into ETH via swaps.
Saga said the incident affected the SagaEVM chainlet along with Colt and Mustang, but it did not affect the Saga SSC mainnet, the protocol’s consensus, validator security, or other Saga chainlets. It also said it found no evidence of validator compromise, signer key leakage, or consensus failure.
The breach lands as crypto security remains under pressure. Chainalysis estimated the industry saw over $3.4B in theft in 2025, and pointed to large, concentrated hacks as a key driver of losses.
The post Layer-1 Protocol Saga Temporarily Shuts SagaEVM Chain After $7M Exploit appeared first on Cryptonews.