RTFKT COO Nikhil Gopalani starts the new year with an empty crypto wallet.
RTFKT is the massively profitable next generation crypto token acquired by Nike in December 2021 making waves in the digital wearable space and created content with artist Takashi Murakami. Gopalani lost his vast treasure trove of NFTs to a fraudster in an apparent phishing attack on Monday.
“Hey Clone X community – I got hacked by a smart phisher (same phone number as Apple ID) [who] sold all my Clone X / some other NFTs,” Gopalani so on Twitter.
“Obviously quite upset and hurt by this and I haven’t really been able to move all day,” he continued. “Hope people who bought my clones love them (to be positive).”
At the time of writing, the wallet that appears to be linked to Gopalani has lost all of its NFTs except one: a Death Row Records NFT of “Clone X Theme Song” worth about $59. Etherscan shows that only $0.11 of ETH is left in the wallet.
According to OpenSea data, the attacker used two wallets to drain NFTs worth well over $173,000 from Gopalani’s wallet, including 19 CloneX NFTs worth over $138,000 combined, 18 RTKFT Space Pods (totaling over $6,300), 17 Loot Pods ($6,200), 11 CryptoKicks ($2,000, Egg, 2000) ), and more.
It’s worth noting that these values are low estimates calculated using each collection’s floor price, so Gopalani’s previous holdings—which included a coveted Murakami CloneX, #17088—could sell for much more. RTFKT has not yet responded to Decryptits request for comment regarding the total estimated value of Gopalani’s lost collection.
One of the attackers’ wallets now appears to be empty at the time of writing, while the other still has many of COO’s assets publicly visible.
While it is currently unclear exactly how the phishing attack occurred, a response from RTFKT CTO Samuel Cardillo suggests that Gopalani may have accidentally provided confidential information to a hacker posing as an Apple representative.
“For legal purposes, we will not be able to go into deeper details until further notice,” Cardillo said in response to the hack.
“All I can say is: Be aware that companies like Microsoft, Apple will never ask you for your password, your private key or any other form of private information over the phone or email.”
Cardillo rejected one accusation that his response was “very corporate” and suggested a legal investigation may be underway, states on Twitter that “a legitimate agency” needed to be able to “properly conduct an investigation” as the reason why further details could not be shared. Cardillo declined to answer Decryptits request for comment.
CloneX #17088, which remains Gopalani’s Twitter profile picture, has already changed hands twice since his wallet was emptied a day ago. NFT now belongs holder by lyx.eth, which also owns two other CloneX NFTs.
In another message Decrypt, lyx.eth said they were unaware they were buying the COO’s stolen NFT and had been looking to buy an NFT like Gopalani’s for “over half a year”.
According to Lyx, RTFKT has already reached out to try to get the swiped NFT back.
“I’ve talked to someone from RTFKT, but I have to think about what to do,” Lyx told me Decrypt.
When asked if he could sell or give the NFT back, Lyx said they weren’t sure.
“Def going to hold it for now,” they said.
RTFKT and Gopalani are yet to respond Decrypttheir requests for comment.
Stay up to date on crypto news, get daily updates in your inbox.
