Saga said nearly $7M in assets were moved to Ethereum, and it is working with exchanges and bridges to blacklist the attacker’s wallet while forensic analysis continues.

Layer-1 network Saga paused its SagaEVM chain after an exploit that moved nearly $7m in tokens to Ethereum, as the team works through an ongoing investigation.

Saga said it stopped the chain at block height 6593800 after identifying a security incident on Jan. 21, and it has kept the network paused “out of an abundance of caution” while it validates the full impact and patches the weakness and reinforces the system.

Saga Identifies Wallet Linked To $7M Exploit

In its investigation update, Saga said nearly $7M in USDC, yUSD, ETH, and tBTC were transferred to the Ethereum Mainnet, and it identified the wallet it was extracted to.

The team said it is coordinating with exchanges and bridge operators to blacklist the attacker’s address and support recovery efforts, while it continues forensic analysis using archive data and execution traces.

Saga described the attack as a coordinated sequence involving contract deployments and cross-chain activity that ended in rapid liquidity withdrawals.

What They Can Confirm Right Now

Saga has identified a security incident affecting the SagaEVM chain. SagaEVM remains paused while our engineering and security teams work through a full remediation process.

Our current focus:

Stop further impact by keeping SagaEVM paused while mitigation is implemented.

Validate the full blast radius using archive data and execution traces.

Harden the relevant components before any restart.

Communicate only confirmed facts as they are locked in.

We recognize that a pause is disruptive. 

We made this decision because the safety of our community comes first.

Once remediation is complete, they will publish a more comprehensive technical post-mortem.

Check there investigation: https://medium.com/sagaxyz/sagaevm-security-incident-investigation-update-29a1d2a6b0cd