In response to a significant security breach, the SagaEVM blockchain temporarily suspended operations at block height 6,593,800 on January 21, 2026, effectively halting activity within its chainlet while leaving the overarching Saga SSC mainnet unaffected. This pause was implemented as a precautionary measure following the identification of a vulnerability linked to the Ethermint EVM precompile bridge code, a legacy component inherited from prior development stages. The flaw compromised the validation logic of certain transactions, enabling an attacker to bypass collateral deposit requirements when minting Saga Dollars, the protocol’s native stablecoin. Such incidents emphasize the importance of robust consensus mechanisms to maintain ledger integrity.
SagaEVM halted at block 6,593,800 to address a critical Ethermint precompile vulnerability affecting stablecoin minting.
The exploit allowed unlimited issuance of these tokens without backing, leading to substantial unauthorized inflation. This vulnerability originated from a forked EVM codebase that introduced gaps in the validation logic. Estimates of the financial impact vary, with losses reported around $6 to $7 million, depending on sources. The attacker capitalized on this weakness through sophisticated contract deployments and cross-chain operations that manipulated multiple layers of the protocol’s infrastructure. Stolen assets were subsequently bridged to the Ethereum network, where they were converted into over 2,000 ETH via decentralized exchange swaps on Uniswap V4, revealing strategic liquidity withdrawals designed to maximize extraction speed while evading conventional on-chain monitoring. Nearly $7 million in tokens were moved during these actions to the Ethereum Mainnet as part of the cross-chain activity.
As a consequence of the attack, the Saga Dollar stablecoin sharply depegged to approximately $0.75, causing the protocol’s total value locked to decline dramatically from $36 million to $21 million. This significant drop affected not only the stablecoin itself but also related ecosystem components such as Colt and Mustang, highlighting vulnerabilities in interconnected modules of the platform. The incident underscores the risks inherent in forking complex EVM codebases without exhaustive validation of inherited code, particularly precompile bridges that handle critical cross-chain functionality.
The SagaEVM team has since prioritized a thorough investigation into chain-level vulnerabilities, focusing on validating the full extent of the breach and developing secure patches. They have collaborated with exchanges and bridging services to blacklist the attacker’s address, a move aimed at mitigating further asset movement. Importantly, no evidence suggests compromise of validators or failure at the consensus layer, indicating that the core network integrity remains intact. This exploit serves as a cautionary example within the broader DeFi space, emphasizing the need for meticulous auditing of inherited protocols as decentralized finance continues to evolve.
