- **Saga** paused its **Saga EVM** chain after a hack on January 21, 2026 that drained nearly $7 million.
- Blockchain security firm **Decurity** says the attacker “minted D tokens (Saga Dollar) out of thin air with a helper contract that abused IBC mechanisms with custom messages.”
- Onchain investigator **Specter** says the loss “may be down to a private key compromise”.
- Stolen funds were bridged to an Ethereum address as USDC, then swapped to about 2,089 ETH (just over $6 million) via **KyberSwap**, **1inch** and **CoW Swap**; other tokens worth about $850,000 were moved into Uniswap liquidity pools.
- Stablecoin D fell about 25% after the attack, and the exploiter’s Saga EVM address still holds over 12 million D tokens.
On January 21, 2026, Saga paused its Saga EVM chain after an exploit drained close to $7 million from the network. The pause occurred on Saga’s EVM at block height 6593800, the team said, while mitigation work is underway. (Saga EVM is a gasless EVM environment that gives an Ethereum-like experience: https://www.saga.xyz/sagaevm.)
Blockchain monitoring first flagged the incident when X user rukawa.eth raised the alarm, and Decurity later posted an alert about the theft (https://x.com/DefimonAlerts/status/2014005231311319154). Saga’s official X account confirmed the exploit and the chain pause (https://x.com/Sagaxyz__/status/2014013472342761896).
According to Decurity, the attacker “minted D tokens (Saga Dollar) out of thin air with a helper contract that abused IBC mechanisms with custom messages.” (IBC refers to inter-blockchain communication, a protocol for passing messages between blockchains.) Onchain investigator Specter added that the loss “may be down to a private key compromise” (https://x.com/SpecterAnalyst/status/2014009022597177805).
Blockchain records show the stolen funds were bridged to an Ethereum address as USDC and then swapped to ETH through KyberSwap, 1inch and CoW Swap. The address currently holds about 2,089 ETH, valued at just over $6 million.
Other tokens taken, including YieldFi’s yUSD and yETH worth roughly $850,000, were bridged and later deposited to Uniswap liquidity pools. Stablecoin D fell about 25% after the hack, per CoinGecko data, and the exploiter’s Saga EVM address still holds more than 12 million D tokens.
The incident adds to a wave of DeFi breaches this year. Over $30 million has been stolen so far in 2026, with about $26 million taken from Truebit earlier this year. Recent attacks also hit platforms including Makina and SynapLogic, and some observers say the pattern of targeting older DeFi protocols has picked up since late 2025.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
