Saga EVM chain paused following $7M smart contract exploit

Saga has paused its SagaEVM chain following a smart contract exploit that resulted in the loss of approximately $7 million in bridged assets.
Summary

• Saga paused its EVM chain after detecting a confirmed exploit.
• The incident affected a single chainlet while the wider network stayed operational.
• A full post-mortem will be published after remediation is complete.

Saga has halted its SagaEVM chain after bridged assets were lost due to a smart contract exploit. This has prompted an ongoing investigation and remediation process.

In a statement released on X on Jan. 21, Saga confirmed the incident, stating that an exploit on the chainlet caused SagaEVM to be paused at block height 6,593,800.

What happened and what was affected

According to Saga’s investigation update, attackers executed a coordinated sequence of contract deployments and cross-chain transactions before withdrawing liquidity and moving funds to the Ethereum (ETH) mainnet.

SagaEVM remains paused while we finalize the results of our investigation into the Jan 21 exploit.

We’re working with partners on remediation and will publish a post-mortem once findings are fully validated. $7M of USDC was bridged out and converted to ETH.

Extracted funds were…

— Saga ⛋ (@Sagaxyz__) January 22, 2026

Nearly $7 million worth of assets, including USDC, yUSD, ETH, and tBTC, were bridged out and later converted. Saga said it is working with exchanges and bridge operators to blacklist the address and limit further movement of funds.

The impact was limited to the SagaEVM chainlet, along with the Colt and Mustang environments. Saga confirmed that its SSC mainnet, protocol consensus, validators, and other chainlets were not affected. The team also stated there was no consensus failure, validator compromise, or signer key leakage.

SagaEVM remains paused while engineers analyze archive data and execution traces to determine the full scope of the incident.

Mitigation efforts and next steps

Saga said the decision to pause the chain was made to prevent further impact while mitigation measures are completed. Since the pause, the team has restricted related cross-chain activity, added safeguards to block similar attack patterns, and continued forensic analysis with security partners.

The chain will stay offline until remediation is finished and the team is confident no additional risk remains. After findings are finalized and verified, Saga plans to release a comprehensive technical post-mortem.

As hackers continue to target smart contracts and cross-chain infrastructure, the incident adds to the growing list of cryptocurrency exploits observed in late 2025 and early 2026. Saga said it will continue to share updates as confirmed details become available.