$7M Security Breach Forces Saga to Halt Chainlet Operations, Stablecoin Loses Peg
The protocol's dollar-pegged stablecoin has plummeted to $0.75, accompanied by a dramatic 55% decline in total value locked within a 24-hour period.
The Saga layer-1 blockchain protocol has suspended operations on its SagaEVM chainlet following a security breach that resulted in $7 million being illicitly bridged out and subsequently converted to Ether without authorization.
On Wednesday, the development team behind Saga revealed through a social media post on X that they had halted the chain compatible with Ethereum at block height 6,593,800 as a direct response to the security compromise.
The team provided additional details in a subsequent publication on Medium, explaining that their ongoing investigation has revealed the security breach appears to have "involved a coordinated sequence of contract deployments, cross-chain activity, and subsequent liquidity withdrawals."
"There has been no consensus failure, validator compromise, or signer key leakage. The broader Saga network remains structurally sound," they said, adding that it has launched additional safeguards to prevent similar attacks.
Attacker wallet identified, blacklist in progress
According to Saga, the security incident also impacted the platform's additional stablecoins known as Colt and Mustang, beyond just the SagaEVM chainlet. Operations will remain suspended while the engineering and security specialists conduct a thorough examination and release their comprehensive post-mortem analysis.
During this period, Saga's development team stated they have successfully identified the wallet address that received the stolen assets and are currently "working with exchanges and bridges to blacklist this address."
The protocol's main US dollar-pegged stablecoin, Saga Dollar, experienced a de-pegging event on Wednesday occurring at approximately 10:16 pm UTC, during which the token's value declined to $0.75, as reported by cryptocurrency data platform CoinGecko.
The total value locked (TVL) across the platform has experienced significant reduction as well. Data from DefiLlama indicates that Saga's TVL has plummeted from more than $37 million down to $16 million throughout the previous 24 hours.
Security researcher suspects infinite token mint
The development team at Saga has yet to release a comprehensive post-mortem report, meaning all external hypotheses regarding what caused the exploit remain without official confirmation.
A threat researcher known as Vladimir S stated that the malicious actor succeeded in minting Saga Dollar out of "thin air with a helper contract that abused IBC mechanisms with custom messages."
"By crafting custom messages or payloads, the contract bypassed validation in the precompile bridge logic, enabling infinite minting of $D tokens without collateral," he added.
At the same time, an individual conducting on-chain investigations who goes by the username Specter offered speculation that it appeared to "be the result of a private key compromise," though this person also acknowledged there is "Not much info."