Saga was the latest project to be targeted in a DeFi hack for January. The platform lost several tokens, with $6M in ETH.
Saga EVM was exploited, resulting in a loss of at least 2,000 ETH valued at around $6M and the halting of the network. The exploit is among the emerging significant attacks against DeFi, which accelerated in 2025 and continued into the new year.
The exploit originated in Saga’s own infrastructure, and did not come from the Oku or Uniswap exchanges, which carry some of Saga’s assets, per reports.
We’re aware of the incident on Saga and are monitoring closely.
Initial findings indicate the issue originated at Saga’s core infrastructure, not Oku or the Uniswap contracts.
The Saga EVM is currently halted, and there’s no action required from users until the chain resumes.… https://t.co/VEmq6WmEC7
— Oku 🐼 (@okutrade) January 21, 2026
The Saga attack involved the unauthorized minting of Saga Dollar (D) tokens. The attacker bridged the tokens to Ethereum, managed to buy over 2,000 ETH, while trading the remaining stablecoins through Uniswap V4.
The total losses are estimated at $6.8M, as new D stablecoins were minted without any real collateral.
Saga pauses protocol for investigation
Saga suffered more than the direct loss, as the protocol’s TVL crashed from over $36M to $21M. Immediately after the exploit, Saga paused all activities to investigate the vulnerability.
SagaEVM has been paused at block height 6593800 in response to a confirmed exploit on the SagaEVM chainlet.
Mitigation is underway, and the team is fully focused on a solution.
Further updates will follow once details are confirmed.
— Saga ⛋ (@Sagaxyz__) January 21, 2026
Unauthorized token minting is one of the common exploits, which may be due to a smart contract bug. The contract was intended to bridge assets between Saga and Ethereum, allowing the hacker to withdraw more than the available balance of stablecoins.
The ETH from the exploit is still held in a single address and has not been moved or mixed. The exploiter still holds a remaining D stablecoin balance of over $12M, in addition to smaller amounts of tokens.
The stalled Saga protocol means the attacker cannot trade any more D stablecoins on the native chain. However, the protocol and the chain are now frozen and may take a while to recover their value locked in apps and the platform’s DeFi market share.
Saga Dollar de-pegs after the exploit
Following the exploit, the relatively illiquid D stablecoin de-pegged and fell to all-time lows. The asset crashed to $0.75, further damaging the project’s stability and reputation.
D was launched in early December 2025, expanding its supply to over 6M tokens. The asset was only traded on Saga’s internal Oku Trade market.
Saga also has a native version of Uniswap, which allowed the hacker to cash out some of the stablecoins. Following the exploit, the Saga version of Uniswap lost most of its value locked.
D is the only stablecoin on Saga, with no other bridged assets. The network is yet another relatively new launch, which suffered an exploit while still growing its DeFi sector.
SAGA tokens were already trading near an all-time low, and sank further to $0.053 after the announcement of the exploit. The tokens have been sliding since their launch in May 2024.
The smartest crypto minds already read our newsletter. Want in? Join them.
Source: https://www.cryptopolitan.com/saga-evm-hacked-for-over-6m-in-eth/