Saga Hack

On January 21, 2026, Layer-1 protocol Saga paused its SagaEVM chainlet after a roughly $7 million exploit, per PeckShield. The Saga team described a coordinated sequence of contract deployments, cross-chain activity, and subsequent liquidity withdrawals, with the attacker bridging out unauthorized funds and converting them to Ether. The chain was halted at block height 6,593,800 while the team investigated. The incident illustrated how programmable, application-specific chains expand the attack surface to the chainlet and bridging layers, and reinforced the importance of monitoring cross-chain flows, rate-limiting or delaying large bridge withdrawals, and maintaining tested halt mechanisms to contain coordinated multi-step attacks.