The Saga protocol team was forced to temporarily halt the operations of the SagaEVM blockchain due to a large-scale hack, during which an unknown attacker withdrew over $7 million. The network was stopped at block number 6,593,800, as reported by the developers in their official statement on social media platform X.
This is reported by Business • Media
Attack on SagaEVM and Its Consequences
“SagaEVM was suspended at block height 6,593,800 in response to a confirmed exploit on the SagaEVM chain. Mitigation efforts are ongoing, and the team is fully focused on finding a solution. Further updates will be provided after details are confirmed.”
In subsequent messages, the team explained that the attackers carried out a coordinated series of actions: deploying contracts, conducting inter-network transactions, and withdrawing liquidity. At the same time, Saga emphasized that the audit revealed no signs of validator compromise, consensus disruption, or private key leakage. According to the developers, the underlying infrastructure of the network remains stable.
It has been established that the attacker’s address has already been identified. Developers are working with cryptocurrency exchanges and inter-network bridges to block access to assets associated with this address. The incident affected not only the SagaEVM network but also the assets of the Colt and Mustang ecosystems.
Liquidity Decline and Stablecoin Destabilization
The Saga Dollar (DUSD) cryptocurrency, which is the main stablecoin of the protocol and pegged to the US dollar, temporarily lost its peg. According to CoinGecko, the DUSD price dropped to $0.75 per unit. Due to the pressure on the ecosystem, the protocol’s capitalization plummeted by more than 50% in one day: according to DefiLlama, the total value locked decreased from over $37 million to around $16 million.
An official detailed report on the causes of the incident has not yet been published. Meanwhile, independent researchers are voicing their hypotheses regarding the mechanism of the hack. In particular, former Immunefi analyst under the pseudonym Vladimir S suggested that the attacker might have created Saga Dollar “out of nothing” using an additional contract and manipulations with IBC through user messages. Another researcher under the pseudonym Specter considers the possibility of private key compromise, although he points to insufficient data for definitive conclusions.
It is worth noting that recently the Makina Finance protocol also fell victim to a suspected hack of a stablecoin pool, resulting in a loss of nearly $5 million.