The ORE Protocol team has identified a bug in its staking smart contract, which allowed hackers to unfairly claim around 25.5 SOL tokens in yield.According to the official statement, the bug was present in the isolated smart contract, and there was no major exploitation.Users will need to migrate to the new staking smart contract in order to generate rewards.On June 17, ORE protocol revealed a bug present in the staking program and quickly responded to fix the issue. However, the security incident in a smart contract present on the Solana blockchain has allowed hackers to steal 25.5 SOL tokens from the protocol yield mechanism, which is worth around $2,215.“All User Deposits Are Safe,” ORE Team Ensures After Security IncidentORE, which is a proof-of-work-like mining protocol on the Solana, unveiled details related to the security incident through a post on X. The team confirmed that they had identified “an attack on the stake program leading to unfair yield distribution.” However, the damage was small in comparison to recent cyber attacks on the DeFi platforms.The team ensured that “All user deposits are safe. There is no risk of loss of funds.”ORE protocol clarified that this security incident was linked to the isolated smart contract bug in the staking program, and it did not affect the network or main mining system. “The stake program isolates user funds. Each stake account has an independent token account, meaning the attacker was unable to steal deposits from other users. The stake program has sufficient reserves to cover all valid user deposits and yield claims. The impact was limited only to unfair yield distribution,” stated in the official post shared on X.On the protocol, users stake their SOL or ORE tokens in smart contracts linked to the protocol’s grid-based mining game. In this mining space, miners take place on a 5×5 grid to generate rewards. Apart from this, the staking mechanism on the protocol allows them to generate yields. However, like many other DeFi protocols, it has some risks if smart contracts are not fully audited.ORE Protocol Asks Users to Migrate to New Smart Contract According to the official statement, the bug was located in the smart contract code for the staking program. By using this bug, hackers have unfairly claimed 25.5 SOL tokens after inflating their recorded stake balance without actually depositing tokens. This is a very small amount in comparison to major hacks, and the ORE team has managed to avoid further exploitation of the protocol with quick security measures.The team stated that individual user staking contracts were not affected in the cyber attack, and no major funds were stolen from the user.After the issue came to notice, ORE protocol maintainers quickly froze all yield transfers from the mining program to the staking program on June 15, 2026. During this time, the hacker has inflated the stake balance of around 6% of the total stake pool.In order to avoid any further exploitation of funds, the team has suggested that all users with existing stakes in the old smart contracts must withdraw their funds, and they must migrate to a new staking contract to earn rewards.Apart from this, the ore-lst liquid staking program (stORE) is also frozen and depends on the affected stake program. The ORE team has also created a new stORE token contract as part of the migration. It means that users with stORE tokens will also need to exchange them for new stORE mint as a part of the process.The post stated that, “Funds held in the stake program are secured by user wallets alone. Protocol maintainers do not hold upgrade authority over the staking or stORE contracts, and thus cannot migrate stake on users’ behalf. A one-click migration process has been provided on the Stake page of the official ORE app.”This cyber attack is a classic smart contract bug, which is most likely related to issues such as poor account handling, revival attacks that reuse closed accounts, or validation gaps, which are common on Solana. In the past, ORE has also faced network congestion due to high user demand; however, it has been fixed on V2 with better mechanisms.In the last few months, the DeFi sector has faced major cyberattacks, including the Kelp DAO attack, in which users lost millions of dollars, affecting the overall DeFi ecosystem.