Saga halts EVM chain after smart-contract attack…about $7 million stolen

Layer-1 blockchain project Saga temporarily suspended operations of the SagaEVM chain after roughly $7 million was stolen in a smart-contract vulnerability exploit.

According to The Block on the 21st (local time), Saga said in an official blog post that a security incident occurred on the SagaEVM chain in which about $7 million worth of USDC was withdrawn without authorization. The attacker is believed to have moved the stolen funds out via a bridge and then converted them into Ethereum (ETH).

Saga said it halted the SagaEVM chain at block height 6,593,800 immediately after detecting anomalous transactions, and is currently conducting a root-cause analysis and recovery work.

The Saga team said it will keep the SagaEVM chain paused until the investigation results are finally verified, adding that it is working with partners to blacklist the attacker’s addresses and prevent further losses. It also plans to publish a post-incident report outlining the timeline and measures to prevent a recurrence based on the findings.

According to the project, the attack was carried out using a sophisticated method combining multiple smart-contract deployments, liquidity movements, and cross-chain transactions. However, it stressed that the incident did not affect Saga’s core infrastructure, and that no signs of compromise were found involving the SSC mainnet, the consensus layer, or the validator system.

The incident comes as crypto security threats are back in focus. Chainalysis said total losses from crypto-related hacks in 2025 amounted to $3.41 billion, up from the previous year.