On June 20, blockchain security firm CertiK reported that a non-fungible token (NFT) based card game called Z-ERA had been exploited, resulting in a loss of $285,000. The exploit involved an externally-owned account (EOA) deploying an unverified contract to the game’s BNB Smart Chain address in order to steal funds.
According to CertiK, the attacker managed to obtain 1.8 million ZERA tokens, which were subsequently sold for approximately $285,000. Additionally, the attacker transferred 1178.5 BNB to TornadoCash. CertiK’s report indicated that this incident caused the price of the ZERA token to drop by 99%, although the exact price of the asset was not disclosed.
Data from CoinMarketCap reveals that ZERA initially traded on Pancake Swap for $13.00 following its launch on June 19. However, as of 10:00 p.m. UTC on June 13, the token is currently valued at $0.007. CoinMarketCap’s data further shows that ZERA had a total circulating supply of 6.58 million tokens, meaning that the theft of 1.5 million ZERA tokens accounted for approximately 27% of the token’s supply. The exploit occurred shortly after the project announced the launch of its game and token on June 18, following the release of an associated app on June 15.
As of now, Z-ERA has not issued any statement regarding the hack, and attempts by CryptoSlate to reach out to the project have been unsuccessful. CryptoSlate has also sought comments from both Z-ERA and CertiK but has not received a response at the time of publication.