Layer-1 blockchain protocol Saga has paused its SagaEVM chainlet after it suffered a $7 million exploit that saw unauthorized funds bridged out and converted into Ether.
The Saga team announced in an X post on Wednesday that it had paused the Ethereum-compatible chain at block height 6,593,800 in response to the exploit.
In a follow-up Medium post, the team said as part of the ongoing investigation, they have found the security incident appears to have “involved a coordinated sequence of contract deployments, cross-chain activity, and subsequent liquidity withdrawals.”
“There has been no consensus failure, validator compromise, or signer key leakage. The broader Saga network remains structurally sound,” they said, adding that it has launched additional safeguards to prevent similar attacks.
Attacker wallet identified, blacklist in progress
Along with the SagaEVM chainlet, the platform’s other stablecoins, Colt and Mustang, were also affected, according to Saga. The chain will stay paused until after engineering and security teams investigate further and publish their full post-mortem.
In the meantime, the Saga team said they had identified the address where the funds were sent and are “working with exchanges and bridges to blacklist this address.”
Saga Dollar, the protocol’s primary US dollar-pegged stablecoin, de-pegged on Wednesday at around 10:16 pm UTC, when its price dropped to $0.75, according to crypto data aggregator CoinGecko.
The platform’s total value locked (TVL) has also fallen. DefiLlama estimates Saga’s TVL has dropped from over $37 million to $16 million over the last 24 hours.
Security researcher suspects infinite token mint
The Saga team has not yet published a post-mortem, and all third-party theories about the exploit’s cause remain unconfirmed.
Related: Fake MetaMask 2FA security checks lure users into sharing recovery phrases
Vladimir S, a threat researcher, said the attacker was able to mint Saga Dollar out of “thin air with a helper contract that abused IBC mechanisms with custom messages.”
“By crafting custom messages or payloads, the contract bypassed validation in the precompile bridge logic, enabling infinite minting of $D tokens without collateral,” he added.
Meanwhile, an on-chain investigator under the handle Specter speculated it appeared to “be the result of a private key compromise,” although also conceded there is “Not much info.”
Magazine: Meet the onchain crypto detectives fighting crime better than the cops
