A major SagaEVM exploit forced the layer-1 (L1) blockchain to pause its Ethereum-compatible chainlet as it had lost nearly USD 7 million in USDC, yUSD, ETH, and tBTC, which had been drained and bridged to the Ethereum blockchain. The incident led to the de-pegging of its native stablecoin (USD Saga) and an emergency halt of the network.
Details of the Event and Follow-Up Investigations
In response to the SagaEVM exploit, the team decided to pause the chain at block height 6593800, cease all transactions, and prevent further unauthorized withdrawals of funds. The wallet used by the exploiter has been identified as 0x2044697623afa31459642708c83f04ecef8c6ecb. Saga is working with exchanges and bridges to get this wallet blacklisted.
This hack has hurt confidence in the Saga Dollar Stablecoin, which has fallen to $0.75, causing Total Value Locked (TVL) that was over USD 37 million to fall to around $16 million within 24 hours of the attack, according to DeFiLlama.
The Suspected Attack Vector and Broader Implications
Based on early investigations, it appears that the hack originated from a complex contract-level error (flaw), rather than compromising validators involved with processing transactions within the Inter-Blockchain Communication (IBC) process. Security research suggests that the attacker was able to craft a custom message to bypass validation in the bridge’s precompile logic, enabling an infinite mint of Saga Dollar tokens “out of thin air” with no proper collateral. This would account for the extreme, fast depeg, and significant fund outflow from the ecosystem.Â
At the same time, the SagaEVM exploit demonstrates that new and unique levels of vulnerabilities come to appear with these types of implementations and cross-chain architectures, where a vulnerability in one component (the bridge) can undermine the entire economic system of a chainlet.
