Saga, a Layer 1 blockchain protocol, has temporarily paused its SagaEVM chain after a smart contract exploit led to the loss of nearly $7 million in digital assets. The project confirmed the incident in a midweek update, saying it is continuing to investigate the breach and working with partners to prevent further damage.
According to Saga, the exploit occurred on January 21 and resulted in the unauthorized withdrawal of approximately $7 million in USDC. The funds were quickly bridged out of the SagaEVM network and later converted into ether (ETH). The team has identified the wallet believed to be linked to the attacker, labeled as “0x2044…c6ecb,” and is coordinating with exchanges and bridge operators to blacklist the address.
Saga said it halted the SagaEVM chain at block height 6,593,800 after detecting unusual on-chain activity. The pause remains in effect as engineers finalize their analysis and remediation steps.
“SagaEVM remains paused while we finalize the results of our investigation into the Jan 21 exploit,” the project stated in a post on X.
SagaEVM remains paused while we finalize the results of our investigation into the Jan 21 exploit.
— Saga ⛋ (@Sagaxyz__) January 22, 2026
We’re working with partners on remediation and will publish a post-mortem once findings are fully validated. $7M of USDC was bridged out and converted to ETH.
Extracted funds were…
The team added that a full post-mortem will be published once the findings have been thoroughly validated.
Preliminary findings suggest the attack involved a carefully coordinated sequence of actions, including new contract deployments, liquidity shifts, and cross-chain transactions. This combination allowed the attacker to move funds rapidly before safeguards could be fully activated.
Importantly, Saga emphasized that the exploit was limited in scope. The project reported no impact on its broader infrastructure, including the SSC mainnet or its core consensus layer. There was also no evidence of validator compromise, consensus failure, or leaked signer keys, which helped contain the incident to the SagaEVM environment.
The breach comes at a time when crypto-related security incidents remain a persistent challenge across the industry. Blockchain analytics firm Chainalysis estimates that crypto theft exceeded $3.41 billion in 2025, slightly higher than the $3.38 billion recorded the previous year. Smart contract exploits and cross-chain vulnerabilities have continued to account for a significant share of these losses.
Saga’s response reflects a broader trend among blockchain projects to act quickly when potential threats emerge, prioritizing network safety and transparency. By pausing the chain, identifying the attacker’s wallet, and collaborating with ecosystem partners, the team aims to limit further risk while restoring confidence among users and developers.
