Layer-1 blockchain protocol Saga has temporarily halted its SagaEVM environment after a smart contract exploit resulted in nearly $7 million in assets being bridged out to Ethereum, the team said in a late-night update on X.
According to Saga, the incident was contained to a specific chainlet, while the broader Saga ecosystem remains operational.
We’re working with partners on remediation and will publish a post-mortem once findings are fully validated. $7M of USDC was bridged out and converted to ETH.
Saga confirmed that SagaEVM was paused at block height 6,593,800, citing a “confirmed exploit” on the SagaEVM chainlet. The protocol added that mitigation is in progress and further updates will be shared once details are verified.
What Happened: Network Halted to Contain Further Damage
Saga said the decision to pause SagaEVM was made “out of an abundance of caution” as engineering and security teams investigate the incident and validate the full scope of potential impact. The team outlined four priorities guiding the response process:
– prevent further harm by keeping SagaEVM paused,
– validate exposure using archive data and execution traces,
– harden affected components before restarting the chain,
– communicate only confirmed facts.
Saga acknowledged that the pause is disruptive but emphasized that community safety was the main reason behind the shutdown.
Scope of Impact: SagaEVM Chainlet Affected, Mainnet Still Running
Saga stated the security incident impacted:
– SagaEVM chainlet
– Colt and Mustang
Notably, the protocol said the following were not affected:
– Saga SSC mainnet (remains operational)
– Saga protocol consensus
– Validator security
– Other Saga chainlets
On-chain tracking indicates the attacker moved close to $7M worth of USDC, yUSD, ETH, and tBTC to Ethereum mainnet.
Rising Exploit Fatigue Across DeFi
The incident adds to growing user concerns around recurring DeFi smart contract exploits, following a year marked by frequent vulnerabilities and liquidity drains. While Saga insists its underlying infrastructure remains intact, the exploit highlights the ongoing security pressure faced by multi-environment blockchain architectures — especially those relying on bridging and app-specific execution layers.
Saga is expected to publish a full post-mortem after remediation is completed and findings are fully validated.



