- Nikhil Gopalani, the COO of RTFKT has lost over $173,000 worth of NFTs in a hack
- The details of the hack have not been revealed but seem to involve a scammer pretending to be from Apple
- The hack is a reminder that even those with huge experience can still be victims
Nikhil Gopalani, the Chief Operating Officer (COO) of the Nike-acquired RTFKT has been the victim of a phishing attack that resulted in the loss of over $173,000 worth of NFTs from his wallet. Gopalani revealed on Twitter how a “clever phisher” had managed to gain access to his wallets, seemingly through his Apple account, although precise details were withheld due to an ongoing police investigation. The act is a warning that even those with huge experience in the space can still fall victim to such scams and that no security is 100% foolproof.
Hack Worth at Least $173,000
According to Etherscan, only $0.11 of ETH remains in the wallet linked to Gopalani. The attack involved the use of two wallets, which were used to drain NFTs including 19 CloneX NFTs worth over $138,000, 18 RTKFT Space Pods worth over $6,300, 17 Loot Pods worth $6,200, 11 CryptoKicks worth $3,000, 19 RTFKT Animus Eggs worth $20,200, and others.
The estimated value of Gopalani’s lost collection, which included a Murakami CloneX, is based on the floor price of each collection and may be higher.
Hey Clone X community – I was hacked by a clever Phisher (same phone # as apple ID) & sold all my clone x / some other nfts… Obviously pretty upset and hurt by this and I havent really been able to move all day. Hope people who bought my clones love them (being positive)
— Nikhil Gopalani (@Nikgopalani) January 3, 2023
Potential Apple Link Revealed
It is currently unclear how the phishing attack occurred, but RTFKT CTO Samuel Cardillo suggested that Gopalani may have accidentally provided confidential information to a hacker pretending to be an Apple representative. He stated that he couldn’t say much because a police investigation is ongoing, but did offer words of caution:
All I can say is: be aware that companies such as Microsoft, Apple, … will never ask you for your password, your private key nor any other forms of private information via phone nor emails.
The hack comes just a few days after long standing Bitcoin developer Luke Dashjr had ₿200 stolen from computers he thought secure, showing that even those with huge experience in the crypto world can still be victims.