RTFKT is one of the world’s most profitable next-gen crypto brands that Nike acquired in December 2021. The brand produces digital wearables and collaborates with Takashi Murakami to create content. Apparently, a phishing attack on Monday led to Gopalani losing many of his NFTs.
Gopalani posted on Twitter, “Hey Clone X community – I was hacked by a clever phisher (same phone number as Apple ID) who sold all of my Clone Xs and some other NFTs.”
“Obviously, I’m pretty upset and hurt about this and haven’t been able to move all day,” he said. “I hope my clones are loved by those who bought them (being positive).”
A wallet associated with Gopalani, as of the time of writing, appears to have lost all its NFTs except one: an NFT of the “Clone X Theme Song” from Death Row Records worth about $59. According to Etherscan, the wallet contains only $0.11 of ETH.
As per OpenSea data, the attacker depleted nearly $173,000 in NFTs from Gopalani’s wallet using two wallets (wallet 1 & wallet 2), including 19 CloneX NFTs worth more than $138,000, 18 RTKFT Space Pods (over $6,300 total), 17 Loot Pods ($6,200), 11 CryptoKicks ($3,000), 19 RTFKT Animus Eggs ($20,200), and more.
It’s important to note that these are lowball estimates calculated based on each collection’s floor price, so Gopalani’s former holdings, including a Murakami CloneX, #17088, could resell for much more. Regarding the estimated value of Gopalani’s lost collection, RTFKT has yet to respond.
One of the attackers’ wallets appears empty at this writing, whereas the other still contains many of the COO’s assets.
There is no clear explanation for how the phishing attack occurred. However, RTFKT CTO Samuel Cardillo suggests that Gopalani may have unwittingly provided confidential information to a hacker pretending to be an Apple representative.
In response to the hack, Cardillo said he couldn’t go into further details for legal reasons.
“Be aware that companies like Microsoft and Apple will never ask for your password, private key, or any other form of private information over the phone or via email.”
According to Cardillo on Twitter, the reason why further details couldn’t be shared was that “a lawful agency” needed to be able to “do the investigation properly,” which is why he felt it was necessary to reject the accusation that his response was “very corporate” and implied that a legal investigation might be underway.
Currently, CloneX #17088 remains Gopalani’s Twitter profile picture. It has already been traded twice since his wallet was emptied yesterday. The NFT has now been acquired by the owner of lyx.eth, who also owns two other CloneX NFTs.
In a message, lyx.eth said they were unaware they were buying the COO’s stolen NFT and had been looking to buy an NFT like Gopalani’s for “over half a year.”
A response has already been sent by RTFKT to try to retrieve the stolen NFT, Lyx said.
The RTFKT has been in touch with me, but I still need to decide what to do,” Lyx said. He said he is unsure whether to sell or return the NFT, but he will hold it off for now.