The SagaEVM chain, part of the Saga Layer-1 blockchain ecosystem, remained paused after a security exploit on January 21. With that, the investigation update was released on January 22, the attacker’s wallet was found, and around $7 million worth of assets, with some converted to Ethereum. Further, the team is working to blacklist that hacker’s address.
Saga Identifies Attacker Wallet as Funds Bridged to Ethereum
After the exploit was identified, on the first day itself, the team paused the chain at block height 6,593,800 to stop unauthorized transfers. Also, appears to have involved a sequence of contract deployments, cross-chain interactions, and rapid liquidity withdrawals that allowed the attacker to extract assets.
The stolen assets, including USDC, were transferred to the Ethereum mainnet and, in some cases, converted to ETH or other tokens. Also, the Saga has identified the wallet linked to the exploit and is working with exchanges and bridge operators to blacklist it and support asset recovery.
With that, currently, the Saga team is conducting a detailed forensic investigation and plans to publish a comprehensive technical post-mortem report.
The exploit affected the SagaEVM network chain itself, as well as environments like Colt and Mustang that rely on EVM functionality, whereas the Saga SSC mainnet, consensus layer, and Validator security were unaffected, and there was no evidence of private key compromise.
Chainalysis Theft Estimation in 2025
The cryptocurrency industry lost more than $3.4 billion in thefts between January and early December 2025, highlighting ongoing security issues.
The report says that the attacks on investors’ personal wallets increased significantly in 2025, with the stolen value rising from 7.3% to 44%. Where the direct crypto wallet drain occurrences were around 158,000, with over 80,000 distinct victims.
Highlighted Crypto News Today:
Thailand Drafts Crypto ETF Rules as Institutional Demand Rises
