Among the recent on-chain exploits is one involving the decentralized network Cosmos. Hackers did not directly exploit Cosmos; instead, their target was on the Saga chain built on the Cosmos EVM stack. Now, the news is that the team has identified the root cause of the exploit.
Vulnerability on Cosmos EVM stack
Cosmos Labs, the firm behind Cosmos, announced the reason why its EVM chain, Saga, was hacked. Typically, they found out that a vulnerability on the Saga chain caused the major exploit. The attackers mainly abused how some chains validated transactions across chains.
That critical flaw let hackers allow invalid messages to be accepted from chains even though they were not properly verified. These fake chains accepted messages and acted like minting tokens, resulting in $7 million worth of the network’s stablecoin, Saga Dollar.
In response to the hack, a crypto enthusiast wrote that an incident is not always the end of the story for infrastructure like Cosmo/Saga. This can be a moment when a “project proves itself worthy of trust for the first time.”
Saga EVM chain hack on Cosmos
On January 21, 2026, hackers got a grip on the Saga EVM chain by crafting fake bridge messages saying the vulnerable chain is considered legitimate. Using spoofed messages, the attacker drained millions’ worth of stablecoin without depositing real collateral.
The newly minted or drained tokens were then bridged to Ethereum and exchanged for ETH and other digital assets through decentralized exchanges such as CowSwap, 1inch, and Uniswap. Moreover, a major portion of the tokens minted was sent to privacy mixers, including Tornado Cash.
As time moves on, DeFi hacks are becoming very prevalent. In 2025, hackers stole nearly $2.9 billion in digital assets. In 2025, crypto exploits caused a nearly $2.9 billion loss, which is 46% higher compared to 2024. Nearly 126 DeFi security incidents were reported last year, resulting in nearly $649 million in losses. According to security platform Immunefi, DeFi protocols constitute crypto security incidents, whereas centralized exchanges experience fewer attacks.
