What happened
The staking contract OTSeaStaking was hacked and lost 26k. The attacker exploited a logic flaw in the contract that allowed them to call “withdraw” many times and receive far more tokens than they had staked.
The problem
In line 396 of OTSeaStaking.sol, you can see that deposit.amount is not handled properly (not decreased); therefore, one can deposit once and withdraw multiple times.
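The sketch below is an added illustration, not the OTSeaStaking source. It puts the flawed pattern described above next to a corrected withdrawal that clears the recorded amount before paying out. The contract name, struct layout and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed by this sketch.
interface IERC20 {
    function transfer(address to, uint256 value) external returns (bool);
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// Hypothetical, simplified staking contract; not the OTSeaStaking source.
contract StakingSketch {
    struct Deposit {
        uint256 amount; // tokens still owed to the staker for this deposit
    }

    IERC20 public immutable token;
    mapping(address => Deposit[]) private _deposits;

    error NothingToWithdraw();
    error TransferFailed();

    constructor(IERC20 token_) {
        token = token_;
    }

    function stake(uint256 amount) external {
        _deposits[msg.sender].push(Deposit({amount: amount}));
        if (!token.transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
    }

    // Flawed pattern described above: the recorded amount is never reduced,
    // so the same deposit keeps paying out on every call.
    function withdrawFlawed(uint256 index) external {
        Deposit storage dep = _deposits[msg.sender][index];
        if (!token.transfer(msg.sender, dep.amount)) revert TransferFailed();
    }

    // Corrected pattern: reject spent deposits, clear the record first,
    // then transfer (checks-effects-interactions).
    function withdraw(uint256 index) external {
        Deposit storage dep = _deposits[msg.sender][index];
        uint256 amount = dep.amount;
        if (amount == 0) revert NothingToWithdraw();
        dep.amount = 0;
        if (!token.transfer(msg.sender, amount)) revert TransferFailed();
    }
}
```

A useful invariant to assert in tests for this kind of contract is that the total paid out to an account never exceeds the total it staked.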
PoC
The PoC of this incident I wrote can be found here