Saga has halted its EVM blockchain following an exploit that resulted in the theft of approximately $7 million. While the exact cause is still being debated, the attacker successfully bridged stolen assets to Ethereum and converted them into ether to avoid a freeze on the funds.
Saga has officially suspended operations on its Saga EVM blockchain after a significant security breach drained nearly $7 million from the network earlier today. Known as a gasless environment designed for gaming and decentralized finance, the scaling solution was forced offline to prevent further damage. The alarm was first raised by community members and later confirmed by blockchain security firm Decurity, leading to an official confirmation of the pause from Saga’s leadership via social media.
The technical specifics of the attack remain a point of investigation, with conflicting reports on how the breach occurred. Decurity suggested that the exploiter manipulated Inter-Blockchain Communication mechanisms through a helper contract to mint Saga Dollar tokens without collateral. Conversely, other on-chain investigators have floated the possibility that a private key compromise might be the true root cause. Regardless of the entry point, the impact was immediate, with the network's native stablecoin seeing a sharp decline in value.
Blockchain data reveals a calculated exit strategy by the attacker to secure the illicit gains. After the initial drain, the funds were bridged back to an Ethereum address in the form of USDC. To bypass the risk of centralized stablecoin issuers freezing the assets, the attacker utilized decentralized aggregators like 1inch, KyberSwap, and CoW Swap to exchange the tokens for native ether. The primary attacker address was seen holding over 2,000 ETH shortly after these transactions were processed.
The scope of the theft extended beyond primary stablecoins to include specialized assets like yUSD and yETH from YieldFi, totaling nearly $850,000 in additional losses. These specific tokens were funneled into Uniswap liquidity pools as part of the laundering process. Despite the heavy movement of funds, the exploiter’s original address on the Saga EVM still holds a massive balance of over 12 million D tokens, which remain trapped due to the network pause.
The fallout from the event has sent shockwaves through the Saga ecosystem, with the D stablecoin dropping 25% in value according to market data. As the network remains dark, the developers are working to provide a more detailed post-mortem to clarify whether the vulnerability was a protocol-level flaw or a management oversight. For now, users and investors are left waiting for a recovery plan and a timeline for the chain's eventual restart.
Source: Saga Becomes Latest Victim In Ongoing DeFi Hacking Spree