Saga EVM Chain Security Breach: Full Details and Impact

All about Saga EVM Chain Security Breach, Scope and impact

On January 21st, 2026, Saga addressed a security breach that impacted the SagaEVM chain. 

The Saga EVM Chain Security Breach happened as a result of a series of contract deployments, actions between blockchain networks through the use of smart contracts, and then finally withdrawal of the funds from those smart contracts having made those actions possible.

Due to the severity of this incident, we have paused activity on the chain at block height 6593800 until we have fully investigated and addressed this incident.

Source: X official 

What Saga has mentioned right now:

It has uncovered security issues on the SagaEVM Chain. It is currently paused while our engineering and security teams go through all stages of a complete remediation process.

What we are doing currently:

Preventing additional impact by continuing to keep the chain Paused while mitigation is taking place.

Validating the entire "blast radius" through the use of archive data and execution traces.

Hardening the affected components prior to resuming activity.

Only communicating confirmed facts as they become available.

We are aware that the pausing of services is disruptive. However, we believe this was necessary for the protection of our community.

After all remediation has taken place, we will be providing a full technical post-mortem.

What is the Scope and Impact:

Affected - SagaEVM Chainlet - Colt & Mustang

Not Affected - SSC Mainnet (Still in Operation) - Saga Protocol Consensus - Validator Protection - Other Saga Chainlets

Impact

Approximately $7M worth of USDC, yUSD, ETH and tBTC were withdrawn to Ethereum's Mainnet

The exploiter's wallet address is 0x2044697623afa31459642708c83f04ecef8c6ecb, and we are working with bridges and exchanges to blacklist this wallet and recover the stolen tokens.

There has been no consensus failure, validator compromise, or signer key leakage.

The broader network remains structurally sound.

Upon confirmation of the breach the steps taken were:

1. The chainlet was paused

2. Engineering teams began a full forensic investigation using archive nodes and execution traces to assist in recovering any lost funds due to this attack.

3. They reviewed and restricted any cross-chain activity that may have been linked to this incident.

4. They have put additional safeguards in place to help prevent similar attacks in the future.

5. Until all mitigations are in place,Their teams are confident that there are no further risks, the SagaEVM will remain paused.

Further steps to be taken by after:

1. Validate the root cause of the issue

2. Patch and deploy security improvements to the affected cross-chain and deployment components.

3. Work closely with all ecosystem partners involved.

4. Lastly publish a detailed technical analysis of the breach.

Conclusion: The Saga EVM Chain Security Breach highlights the importance of strong security systems in blockchain networks. How Saga responds, fixes vulnerabilities, and restores user trust will play a crucial role in its long-term credibility and ecosystem stability.