L'Exploit de la Chaîne SagaEVM Entraîne un Drainage de 7 Millions de Dollars, les Fonds Transférés vers Ethereum

TheNewsCryptoPublicado em 2026-01-22Última atualização em 2026-01-22

Resumo

L'exploit de sécurité sur la chaîne SagaEVM, survenue le 21 janvier, a entraîné le vol d'environ 7 millions de dollars en actifs. L'équipe de Saga a réagi en mettant la chaîne en pause et a identifié le portefeuille de l'attaquant. Les fonds volés, dont de l'USDC, ont été transférés vers le réseau principal Ethereum et partiellement convertis en ETH ou d'autres jetons. Une enquête médico-légale détaillée est en cours et un rapport technique complet sera publié. L'écosystème principal de Saga (SSC) n'a pas été affecté. Parallèlement, un rapport de Chainalysis estime que l'industrie de la cryptomonnaie a perdu plus de 3,4 milliards de dollars en vols rien qu'en 2025.

La chaîne SagaEVM, faisant partie de l'écosystème blockchain Saga Layer-1, est restée suspendue suite à une exploitation de sécurité survenue le 21 janvier. Par conséquent, la mise à jour de l'enquête a été publiée le 22 janvier, le portefeuille de l'attaquant a été identifié, et environ 7 millions de dollars d'actifs, dont une partie convertie en Ethereum, ont été dérobés. De plus, l'équipe travaille à mettre sur liste noire l'adresse du pirate.

Saga Identifie le Portefeuille de l'Attaquant Alors que les Fonds Pontés vers Ethereum

Après que l'exploit a été identifié, dès le premier jour, l'équipe a suspendu la chaîne au niveau de hauteur de bloc 6 593 800 pour stopper les transferts non autorisés. De plus, il semble que l'attaque ait impliqué une séquence de déploiements de contrats, d'interactions inter-chaînes et de retraits rapides de liquidités qui ont permis à l'attaquant d'extraire des actifs.

Les actifs volés, incluant l'USDC, ont été transférés vers le mainnet Ethereum et, dans certains cas, convertis en ETH ou d'autres jetons. De plus, Saga a identifié le portefeuille lié à l'exploit et travaille avec les plateformes d'échange et les opérateurs de ponts pour le mettre sur liste noire et soutenir la récupération des actifs.

Actuellement, l'équipe de Saga mène une enquête médico-légale détaillée et prévoit de publier un rapport technique post-mortem complet.

L'exploit a affecté la chaîne du réseau SagaEVM elle-même, ainsi que des environnements comme Colt et Mustang qui dépendent de la fonctionnalité EVM, tandis que le mainnet Saga SSC, la couche de consensus et la sécurité des validateurs sont restés intacts, et il n'y a aucune preuve de compromission de clé privée.

Estimation des Vols par Chainalysis en 2025

L'industrie des cryptomonnaies a perdu plus de 3,4 milliards de dollars en vols entre janvier et début décembre 2025, mettant en lumière des problèmes de sécurité persistants.

Le rapport indique que les attaques sur les portefeuilles personnels des investisseurs ont considérablement augmenté en 2025, la valeur volée passant de 7,3 % à 44 %. Le nombre d'occurrences de drainage direct de portefeuilles crypto s'élevait à environ 158 000, avec plus de 80 000 victimes distinctes.

Actualité Crypto en Vedette Aujourd'hui :

La Thaïlande Élabore des Règles pour les ETF Crypto Alors que la Demande Institutionnelle Augmente

Criptomoedas em alta

CitreaCTR

wrapped stUSDTWSTUSDT

Velodrome FinanceVELODROME

BrevisBREV

ZRX（0X）ZRX

PancakeSwapCAKE

Perguntas relacionadas

QQuand l'exploit de sécurité sur la chaîne SagaEVM s'est-il produit et quelle a été la réponse immédiate de l'équipe ?

AL'exploit de sécurité s'est produit le 21 janvier. En réponse immédiate, l'équipe a mis la chaîne en pause au bloc 6 593 800 pour arrêter les transferts non autorisés.

QQuel est le montant estimé des actifs drainés lors de l'exploit de la SagaEVM et où les fonds ont-ils été déplacés ?

AEnviron 7 millions de dollars d'actifs ont été drainés. Les fonds volés, y compris de l'USDC, ont été transférés vers le réseau principal Ethereum (mainnet) et, dans certains cas, convertis en ETH ou d'autres jetons.

QQuelles sont les actions que l'équipe de Saga entreprend pour traiter cet incident ?

AL'équipe de Saga a identifié le portefeuille de l'attaquant et travaille avec les bourses et les opérateurs de bridge pour le blacklister et soutenir la récupération des actifs. Elle mène également une enquête médico-légale détaillée et prévoit de publier un rapport post-mortem technique complet.

QQuelles parties de l'écosystème Saga ont été affectées par cet exploit et lesquelles sont restées sécurisées ?

AL'exploit a affecté la chaîne SagaEVM elle-même ainsi que les environnements comme Colt et Mustang qui reposent sur la fonctionnalité EVM. Cependant, le mainnet Saga SSC, la couche de consensus et la sécurité des validateurs sont restés non affectés, et il n'y avait aucune preuve de compromission de clé privée.

QSelon le rapport mentionné, quelle était la tendance concernant les vols de portefeuilles personnels en 2025 ?

ALe rapport de Chainalysis indique que les attaques sur les portefeuilles personnels des investisseurs ont considérablement augmenté en 2025, la valeur volée passant de 7,3 % à 44 %. Il y a eu environ 158 000 occurrences de drainages de portefeuilles crypto, touchant plus de 80 000 victimes distinctes.

Leituras Relacionadas

NVIDIA's New Open-Source MoE: One Line of Import, Fine-Tuning Accelerated by 3.7x

NVIDIA has open-sourced NeMo AutoModel, a tool designed to significantly accelerate the fine-tuning of Mixture-of-Experts (MoE) large language models. By adding just one import line to existing code based on Hugging Face Transformers v5, users can achieve a 3.4x to 3.7x increase in training throughput and reduce GPU memory usage by 29% to 32% without altering their API. The key innovations include Expert Parallelism (EP) to distribute expert weights across GPUs, lowering memory pressure; DeepEP to fuse computation and communication; and TransformerEngine kernels for accelerated core operations. Benchmarks on models like Qwen3-30B-A3B show training throughput per GPU jumping from 3075 to 11340 tokens per second. The solution also enables the fine-tuning of very large models, such as the 550B parameter Nemotron 3 Ultra, which would exceed memory limits with the standard Transformers v5. Code and benchmarks are available on GitHub.

marsbitHá 8m

NVIDIA's New Open-Source MoE: One Line of Import, Fine-Tuning Accelerated by 3.7x

marsbitHá 8m

How to Detect AI-Generated Videos? A Review of Dynamic, Traceable, and Explainable Detection Systems

**How to Detect AI-Generated Videos: A Survey on Dynamic, Traceable, and Explainable Detection Systems** With rapid advances in AI video generation (e.g., Sora, Veo), creating highly realistic, multi-minute videos is now possible, widening the gap with detection research. Current AI video detection, often limited to unreliable binary classifications, is insufficient. This survey, accepted at ACL 2026, reframes the goal as **"factual fidelity verification"**—checking if a video's content (who, when, where, what) aligns with the real world perceptually and cognitively. It categorizes AI-generated videos into three paradigms: **Local Manipulation Videos (LMV**, e.g., face swaps), **Audio-Visual Editing (AVE**, e.g., lip-syncing), and **Generative Video Synthesis (GVS**, fully synthetic videos like Sora's). Detection challenges evolve from visual artifacts in LMV to multi-modal inconsistencies in AVE and higher-level world knowledge violations in GVS. The core proposal is a **Vision-Language Dual-View framework** with four hierarchical layers: 1. **Layer 1 (Intrinsic Visual Cues):** Analyzes low-level signal statistics, noise patterns, and physiological signals. 2. **Layer 2 (Spatiotemporal Consistency):** Checks for temporal coherence in object motion and scene dynamics. 3. **Layer 3 (Cross-Modal Consistency):** Verifies alignment between video, audio, and text within the video. 4. **Layer 4 (Language-Guided World-Level Reasoning):** Uses external knowledge, facts, and physical laws to judge semantic plausibility and factual correctness. The survey traces a shift in detection focus from lower layers (1 & 2) toward higher, language-involved layers (3 & 4). It also reviews evolving evaluation metrics and datasets tailored for each video paradigm. The conclusion advocates for a **dynamic, evidence-first detection system** that moves beyond simple classification. Future trustworthy detection requires combining visual evidence (from CV) with semantic reasoning and explanation (from NLP & multimodal AI), ultimately creating traceable and explainable judgments about a video's adherence to real-world constraints.

marsbitHá 10m

How to Detect AI-Generated Videos? A Review of Dynamic, Traceable, and Explainable Detection Systems

marsbitHá 10m

It Turns Out the First Real-World Application of AI x Crypto is in Security Auditing

The article explores the surprising trend where AI's first major impact on crypto has been in security auditing, not in areas like trading or analytics. It details how AI-powered tools are dramatically lowering the barrier to finding smart contract vulnerabilities, enabling attackers to scan thousands of contracts and execute exploits within minutes. This has rendered traditional, manually-produced audit reports with their month-long validity periods increasingly obsolete, creating a critical "structural crack" in the old security model. Cases like Drift Protocol and KelpDAO show that even extensively audited protocols can be hacked through social engineering, operational flaws, or infrastructure misconfigurations beyond pure code review. Attackers are also using AI to find and exploit vulnerabilities in years-old, deployed contracts. Notably, OpenZeppelin's co-founder has expressed a grim view that "all DeFi is insecure" due to AI's asymmetric advantage. In response, the audit industry is undergoing a fundamental shift. While there's a short-term spike in defensive re-audits, the long-term business model is changing. Firms are developing AI-assisted systems and moving from one-time report deliveries towards embedded, continuous services like real-time monitoring and formal verification. Examples include AI tools uncovering critical, previously missed vulnerabilities in heavily audited protocols like Curve Finance and Zcash. The conclusion is that security must become a continuous investment, not a one-time checkbox, and audit firms must rapidly evolve their tools and service models to survive.

marsbitHá 16m

It Turns Out the First Real-World Application of AI x Crypto is in Security Auditing

marsbitHá 16m

Never expected that the first tangible application of AI x Crypto is in security auditing

Unexpectedly, the initial major application of AI in the Crypto sphere has turned out to be security auditing. In 2026, DeFi has faced significant security challenges, with 121 hacking incidents resulting in approximately $942 million in losses. While AI was expected to first impact areas like quantitative trading, its initial breakthrough has instead transformed security auditing by drastically lowering the cost and skill barrier for finding smart contract vulnerabilities. The traditional audit model is facing obsolescence. Advanced AI models, such as Claude Mythos, enable attackers to scan thousands of contracts and identify vulnerability patterns at scale, compressing the time from discovery to execution to mere minutes. This renders the month-long validity of traditional audit reports ineffective. Notably, attacks now frequently target well-audited, established protocols by exploiting business logic flaws, operational security weaknesses, and even years-old historical contracts, demonstrating that old audit reports offer zero protection. This pressure is forcing a fundamental shift in the industry. In the short term, a wave of defensive re-auditing is occurring, driven by projects seeking to meet new AI-era security standards and regulatory requirements. In the long run, audit firms' business models are diverging. The one-time report delivery model is declining in value, as evidenced by platforms like Code4rena shutting down. Leading firms are now pivoting towards AI-powered defense, integrating continuous monitoring, real-time on-chain risk detection, and embedding security directly into the development phase, as seen with tools like OpenZeppelin's Skills system. Ultimately, the era of "audit once, secure forever" is over. Security must become a continuous, embedded infrastructure investment for projects. For audit companies, survival depends on proactively transforming from traditional service providers into platforms offering AI-native, ongoing security solutions.

链捕手Há 24m

Never expected that the first tangible application of AI x Crypto is in security auditing

链捕手Há 24m

$3M Exploit Hits Polymarket: Users to Receive Full Refunds After Third-Party Breach

Polymarket will fully reimburse users affected by a front-end exploit that stole approximately $3 million in crypto assets. The company stated the incident was not a flaw in its core protocol but a supply chain attack. A compromised third-party vendor injected a malicious script into the platform's front-end for a limited number of users, allowing the attacker to drain funds from about 15 wallets while they interacted with the site. The stolen assets, primarily Polymarket's pUSD stablecoin, were bridged to Ethereum and converted to roughly 1,893 ETH. This marks the second security incident for Polymarket in under two months, following a separate $700,000 loss. The event highlights growing risks associated with third-party dependencies in the crypto industry.

TheNewsCryptoHá 25m

$3M Exploit Hits Polymarket: Users to Receive Full Refunds After Third-Party Breach

TheNewsCryptoHá 25m

Trading

Spot

Artigos em Destaque

Como comprar SAGA

Bem-vindo à HTX.com!Tornámos a compra de Saga (SAGA) simples e conveniente.Segue o nosso guia passo a passo para iniciar a tua jornada no mundo das criptos.Passo 1: cria a tua conta HTXUtiliza o teu e-mail ou número de telefone para te inscreveres numa conta gratuita na HTX.Desfruta de um processo de inscrição sem complicações e desbloqueia todas as funcionalidades.Obter a minha contaPasso 2: vai para Comprar Cripto e escolhe o teu método de pagamentoCartão de crédito/débito: usa o teu visa ou mastercard para comprar Saga (SAGA) instantaneamente.Saldo: usa os fundos da tua conta HTX para transacionar sem problemas.Terceiros: adicionamos métodos de pagamento populares, como Google Pay e Apple Pay, para aumentar a conveniência.P2P: transaciona diretamente com outros utilizadores na HTX.Mercado de balcão (OTC): oferecemos serviços personalizados e taxas de câmbio competitivas para os traders.Passo 3: armazena teu Saga (SAGA)Depois de comprar o teu Saga (SAGA), armazena-o na tua conta HTX.Alternativamente, podes enviá-lo para outro lugar através de transferência blockchain ou usá-lo para transacionar outras criptomoedas.Passo 4: transaciona Saga (SAGA)Transaciona facilmente Saga (SAGA) no mercado à vista da HTX.Acede simplesmente à tua conta, seleciona o teu par de trading, executa as tuas transações e monitoriza em tempo real.Oferecemos uma experiência de fácil utilização tanto para principiantes como para traders experientes.

165 Visualizações TotaisPublicado em {updateTime}Atualizado em 2026.06.02

Discussões

Bem-vindo à Comunidade HTX. Aqui, pode manter-se informado sobre os mais recentes desenvolvimentos da plataforma e obter acesso a análises profissionais de mercado. As opiniões dos utilizadores sobre o preço de SAGA (SAGA) são apresentadas abaixo.