Layer-1 protocol Saga halted its SagaEVM chain late Wednesday after an attacker exploited a bridge vulnerability to mint unlimited stablecoins, draining approximately $7 million in assets. The breach triggered a collapse in the protocol’s native stablecoin, Saga Dollar (D), which plunged 25% to trade around $0.75.
The exploit, confirmed by Saga’s team in an investigation update, forced validators to freeze the network at block height 6,593,800. While Saga’s mainnet and validator set remain secure, the attack devastated liquidity on the specific EVM "chainlet" designed for Ethereum compatibility.
The Mechanics: Infinite Mint
Security firm Decurity identified the vector as a manipulation of the Inter-Blockchain Communication (IBC) protocol. The attacker reportedly used a malicious helper contract to trick the bridge into minting unbacked D tokens. Conversely, on-chain sleuth Specter suggested a potential private key compromise, noting the precision of the unauthorized transfers.
Once minted, the attacker swiftly bridged the illicit D tokens to the Ethereum mainnet as USDC. The funds were immediately swapped via KyberSwap, 1inch, and CoW Swap to avoid freezing, resulting in a stash of 2,089 ETH (approx. $6M) sitting in the exploiter's wallet. Another $850,000 in YieldFi assets (yUSD) was also drained.
“Mitigation is underway… The SagaEVM chain was paused at block height 6,593,800 out of an abundance of caution.”, Saga Team
Market Impact
The breach instantly evaporated confidence in the D stablecoin, which launched only in December 2025. The token lost its peg immediately, currently struggling at $0.75 as holders exit. Saga’s native governance token (SAGA) showed resilience, trading flat (-0.9%) as the market differentiated between the mainnet and the compromised EVM layer.
Saga is currently coordinating with centralized exchanges and bridge operators to blacklist the attacker’s address. The chain remains paused indefinitely pending a full patch.
