Nike’s NFT Brand RTFKT COO Gets Hacked, Loses Nearly $200,000 in NFTs – Here’s What Happened
RTFKT COO Nikhil Gopalani has fallen victim to a “clever” phishing scheme that drained nearly $200,000 worth of NFTs from his wallet.
In a Tuesday tweet, Gopalani said he lost his collection of NFTs, which included Clone X NFTs and items from other collections, to a fraudster in an apparent phishing attack. He said:
“Hi Clone X community – I got hacked by a smart phisher (same phone number as apple ID) and sold all my clone x / some other nfts… Obviously quite upset and hurt by this and I haven’t really been able to to move all day.”
As of now, the wallet that appears to be linked to Gopalani has lost all of its NFTs except for one: a Death Row Records NFT of “Clone X Theme Song” worth about $59.
OpenSea data further shows that two wallets belonging to the attacker have stolen 19 CloneX NFTs worth over $138,000 combined, 18 RTKFT Space Pods (over $6,300 total), 17 Loot Pods ($6,200), 11 CryptoKicks ($3,000) ($20 , EggsTF0KT), $200 ), and more from Gopalani’s wallet.
When asked about the details of the hack, Samuel Cardillo, CTO of RTFKT, said they cannot go into details for “legal purposes.” He added:
“All I can say is: Be aware that companies like Microsoft, Apple, … will never ask you for your password, private key, or other forms of private information over the phone or email.”
Cardillo rejected an allegation that his response was “very corporate” and suggested a legal investigation may be underway, states on Twitter that “a legitimate agency” needed to be able to “properly conduct an investigation” as the reason why further details could not be shared.
RTFKT is a virtual sneaker company that makes NFTs and digital sneakers for the metaverse that was acquired by Nike in December 2021. Nike also launched .SWOOSH, a Web3 platform that will be used to launch virtual apparel such as t-shirts and sneakers for avatars, last November.
NFT fraud reaches record level in 2022
There was a sharp increase in the number of phishing attempts targeting NFT community members in 2022, amid a significant increase in the amount of DeFi hacks.
As reported, popular NFT aggregator Bored Ape Yacht Club (BAYC) lost ETH 200 worth of digital assets in an exploit in early June. NFT influencer Zeneca and NFT registration platform PREMINT also fell victim to hacks in mid-July.
In mid-August, in an effort to combat spammers, Solana wallet provider Phantom announced a new feature that will burn spam NFTs sent by fraudsters.