The Saga Layer 1 protocol has been exploited for approximately $6.8 million, forcing the team to halt its SagaEVM chain. The attack, confirmed on January 21, 2026, involved the unauthorized minting of the platform's native stablecoin, Saga Dollar (D). The attacker minted D tokens without collateral, bridged them to Ethereum, and swapped them for over 2,000 ETH (worth around $6 million) and other assets via Uniswap V4.
The Saga team responded by pausing the entire SagaEVM chain at block height 6,593,800 to prevent further losses and investigate the vulnerability. Initial findings indicate the exploit originated within Saga's own core infrastructure and not from integrated exchanges like Oku Trade or Uniswap contracts. The network remains suspended indefinitely as mitigation efforts are underway.
The financial and reputational damage is severe. The protocol's Total Value Locked (TVL) plummeted from over $36 million to around $21 million—a loss of more than 42%. Furthermore, the Saga Dollar (D) stablecoin de-pegged dramatically, crashing to an all-time low of $0.75 from its intended $1 peg. The D stablecoin, launched in early December 2025, had a supply exceeding 6 million tokens and was traded primarily on Saga's internal Oku Trade market.
The exploiter's address still holds the stolen ETH and a remaining D stablecoin balance of over $12 million, which cannot be traded while the chain is frozen. The native SAGA token, already trading near historic lows, fell further to approximately $0.053 following the breach announcement.
This incident is part of a worrying trend of significant attacks on DeFi and emerging Layer 1 protocols, which accelerated throughout 2025. The Saga exploit highlights the persistent security challenges, particularly around cross-chain bridges and smart contract logic, within new blockchain ecosystems designed for scalability.
