Saga becomes latest victim in DeFi hacking spree

Saga has announced a pause of it’s Saga EVM blockchain in response to a hack which drained close to $7 million earlier today.

The scaling solution describes itself as a “gasless EVM environment that gives you the full Ethereum experience.” The wider Saga ecosystem purportedly includes web3 gaming, DeFi and AI agents.

X user rukawa.eth raised the alarm shortly after the attack, with blockchain security firm Decurity flagging the hack four hours later.

Saga’s official X account then confirmed the exploit, informing users that the chain is paused.

Read more: Gmak! Flash loan hack hits DeFi platform Makina for $5M 

With scant details around the incident, the root cause of the exploit remains unclear.

According to Decurity’s alert, the attacker “minted D tokens (Saga Dollar) out of thin air with a helper contract that abused IBC mechanisms with custom messages.”

However, “Onchain Investigator” Specter suggests the loss may be down to a private key compromise.

Whatever the cause, blockchain data shows that the stolen funds were bridged back to an Ethereum address as USDC.

In order to avoid being frozen, they were then swapped for native ether (ETH) via KyberSwap, 1inch and CoW Swap. The address currently holds around 2,089 ETH, valued at just over $6 million.

Other tokens, including YieldFi’s yUSD and yETH totalling around $850,000 were also bridged. These were then deposited to Uniswap liquidity pools.

Saga-based stablecoin D is down 25% since the hack, according to CoinGecko data. The exploiter’s Saga EVM address still contains over 12 million D tokens.

Read more: Legacy DeFi platforms lose $27M as hacking spree continues into 2026

DeFi danger

Today’s incident is the latest in what seems to be a resurgence of DeFi hacks in recent weeks.

Already this year, over $30 million has been stolen by hackers, with the majority ($26 million) lost by Truebit. Indeed, just yesterday, a pair of attacks hit DeFi platform Makina and gaming/AI project SynapLogic.

The trend appeared to pick up towards the back end of 2025, a year mostly dominated by larger exchange hacks.

However, beginning in December, a spate of older DeFi protocols have been targeted, with some suspecting an AI-aided exploiter may be dredging for previously unnoticed vulnerabilities.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.