Skip to main content
Sign in

Saga EVM Blockchain

avoid.net/saga-evm-blockchain32/100·82% conf.
[AI-DRAFTED · AWAITING VERIFICATION]
anchored·22ssZV…n7Jm

Summary

Saga is a Layer-1 blockchain protocol designed to support application-specific chains (chainlets), with a focus on gaming and DeFi use cases. In January 2026, its SagaEVM chainlet suffered a critical exploit in which an inherited vulnerability in the Ethermint EVM codebase allowed an attacker to mint approximately $7 million in unbacked stablecoins, which were subsequently bridged to Ethereum and largely laundered through Tornado Cash. The broader Saga SSC mainnet, consensus layer, and validator set were not compromised, but the incident exposed material risks from deploying EVM compatibility layers built on unaudited inherited codebases.

Connected Entities

1 entities · 10 linked investigations
Organizations
Saga EVM Blockchain
Relationships
    Also appears in
    edgeX Exchange·28Mach-O Man Malware Campaign (Lazarus / Chollima)·0Gamma Strategies·28Alephium Bridge·18Bunni Protocol·28Trenton Johnston·0Lulo·55Thorchain DEX·28Crossmint·70Access Protocol·47
    Have evidence about Saga EVM Blockchain?

    Timeline(7 events)

    2024-04-09

    Saga mainnet and SAGA token launched; initial airdrop followed record $13.4 billion staked on Binance

    Decrypt

    2026-01-21

    Attacker deployed helper contract (0x7D69E4376535cf8c1E367418919209f70358581E) and executed exploit against SagaEVM's IBC precompile, minting approximately $7M in Saga Dollar stablecoins without collateral; stolen assets bridged to Ethereum and swapped to ETH via multiple DEXes

    Rekt News / Halborn

    2026-01-21

    Saga team halted SagaEVM chainlet at block 6,593,800; confirmed exploit and stated SSC mainnet and validators were unaffected; coordinated blacklisting of attacker addresses with exchanges and bridges

    The Block

    2026-01-21

    Cosmos Labs notified of vulnerability; began coordinating with affected chains to distribute patch for cosmos/evm before public disclosure

    cosmos/evm Security Advisory ASA-2026-002

    2026-01-24

    Attacker transferred Uniswap v4 LP NFTs to a secondary clean wallet (0xf891de97fa96839329381743f0d6180fcefe3f64) in an effort to further obscure fund trails

    Rekt News

    2026-01-24

    CertiK reported that $6.2 million of stolen funds had been deposited into Tornado Cash across five separate wallets

    Cryptopolitan

    2026-03-01

    Cosmos Labs issued public security advisory ASA-2026-002, disclosing the ICS20 Precompile vulnerability (fixed in cosmos/evm v0.6.0); confirmed all 15 affected chains had been patched or mitigated prior to disclosure

    cosmos/evm Security Advisory ASA-2026-002
    Provenance & Audit Trail
    Anchored on SolanaVerify on-chain

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet-4-6

    generated: 6/21/2026, 11:17:58 PM

    last updated: 6/21/2026, 11:18:06 PM

    avoid.net — verified advice for a post-truth world