Saga Blockchain Loses $7 Million in Exploit

** SagaEVM was stopped by Saga Blockchain after being emptied of $7 million in crypto by attackers. The investigation is in progress as the team tries to reclaim the stolen money.  **

Saga Blockchain ceased its SagaEVM chain on January 21, 2026. The stop was after the security teams realized that there was some suspicious activity. The platform stopped the chain at block height 6593800.

Official Medium post by Saga states that attackers have executed a synchronized cascade of contract deployments. These deployments were followed by cross-chain activity, and the withdrawals of liquidity finished the attack pattern.

The Million-Dollar Question: What Got Stolen?

The hack drained almost 7 million dollars worth of various cryptocurrencies. USDC, yUSD, ETH, and tBTC were moved to the Ethereum Mainnet.

The wallet address used by the attacker was 0x2044697623afa31459642708c83f04ecef8c6ecb, which was identified by the security team at Saga. The team is working with exchanges and bridges to blacklist the wallet and recover the extracted tokens.

The Colt and Mustang projects were no exception, and the SagaEVM chainlet bore the brunt of the attack. Nevertheless, the Saga SSC mainnet is still functioning normally and the larger Saga network is structurally sound.

What Saga Says About Recovery

Engineering teams at Saga initiated a complete forensic investigation, with the aid of archive nodes and execution traces. Cross-chain incidents are now restricted.

On X, Sagaxyz__ wrote: SagaEVM has notified a confirmed exploit and has halted at block height 6593800. The team highlighted that they are working on mitigation and will be fully committed to finding a solution.

SagaEVM has been paused at block height 6593800 in response to a confirmed exploit on the SagaEVM chainlet.

Mitigation is underway, and the team is fully focused on a solution.

Further updates will follow once details are confirmed.

— Saga ⛋ (@Sagaxyz__) January 21, 2026

Source – X

There was no consensus failure in the incident. The validator keys and signer keys have not been lost, and the Saga protocol consensus works correctly.

The site also provided other protection against this kind of attack. SagaEVM will wait until mitigation has taken place and confirm that there is no additional risk before commencing again.

Saga has promised to release a detailed technical post-mortem. The report will provide root cause, remediation measures, and the new safeguards put in place to avoid future occurrences.