The layer-one blockchain protocol Saga paused one of its networks after a $7 million hack. As a result of the attack, the perpetrators withdrew funds through a bridge and converted them to Ether.
The Saga team reported this in a post on X on Wednesday. According to them, the Ethereum-compatible network was halted at block 6,593,800 immediately after the incident was discovered.
Later, in a separate post on Medium, the developers said that, according to preliminary data, the attack was planned. It involved deploying contracts, cross-chain operations, and subsequent liquidity withdrawal.
The team emphasized that there was no consensus failure. Validators were not compromised, and no signer key leaks were recorded. The main Saga network continues to operate normally. The project has also already implemented additional security measures to reduce the risk of similar attacks in the future.
The Attacker’s Wallet Has Already Been Identified
In addition to the SagaEVM network, the incident also affected other stablecoins on the platform. According to Saga, Colt and Mustang were also impacted. The network will remain paused until the engineering team completes its review and a full report on the causes of the attack is published.
While the investigation is ongoing, the Saga team said it has already identified the address to which the funds were withdrawn. The project is now working with exchanges and bridges to blacklist this address.
The protocol’s main stablecoin, Saga Dollar, also lost its peg to the dollar. This happened on Wednesday around 22:16 UTC, when the token price dropped to $0.75, according to CoinGecko data.
Against the backdrop of the incident, the TVL metric also dropped. According to DefiLlama, over the past 24 hours, the total value locked in the Saga network fell from more than $37 million to $16 million.
Analysts Suggest Unlimited Token Minting
The Saga team has not yet published a final report on the causes of the attack. All versions put forward by outside experts remain unconfirmed at this time.
Threat researcher Vladimir S. believes that the attacker may have been able to mint Saga Dollar essentially out of thin air. According to him, an auxiliary contract was used for this, which abused IBC mechanisms and custom messages.
“The contract allowed bypassing bridge logic checks through special messages. As a result, it became possible to mint $D tokens infinitely without any collateral,” he explained.
At the same time, on-chain researcher known as Specter put forward a different version. In his opinion, the incident could be related to a compromised private key. However, he noted that there is not enough information on this yet.
