A bug in the ORE staking program allowed attackers to claim excess yield, draining approximately $2,100.
ORE, a Solana-based staking and yield protocol, experienced a smart contract vulnerability in its staking program. The bug allowed malicious actors to repeatedly claim yield rewards beyond their entitled share. The exploit resulted in a relatively small drain of approximately $2,100 worth of assets. The ORE team acknowledged the issue and pushed a contract patch to prevent further abuse.
Due to the small amount (~$2,100), the attacker(s) moved funds through standard Solana DEX swaps into SOL and stablecoins. No mixer or bridge usage has been documented. No freezing or recovery actions were reported given the low value.