•RTFKT COO Nikhil Gopalani lost his entire NFT collection in a phishing attack on Monday.
• The attacker made off with over $173,000 worth of NFTs, including 19 CloneX NFTs and 18 RTKFT Space Pods.
• RTFKT has not yet responded to Decrypt’s request for comment regarding the total estimated value of Gopalani’s lost collection.
• CTO Samuel Cardillo suggested that Gopalani may have accidentally provided confidential information to a hacker who was posing as an Apple representative.
• The attackers’ wallets are still holding many of the COO’s assets in public view.
It is unfortunate that Nikhil Gopalani, the COO of RTFKT, fell victim to a phishing attack on Monday and lost his entire NFT collection. Phishing attacks have become increasingly more sophisticated and common in recent years and are one of the biggest risks associated with accessing digital platforms. In this case, what’s particularly heartbreaking is that Mr. Gopalani had put a lot of resources into acquiring a rare set of NFTs so as to illustrate his passion for collecting digital artwork.
It goes without saying that such losses are especially harsh given their highly irreplaceable nature. The events that led up to this unfortunate incident should serve as a reminder to us all to be ever vigilant when making digital purchases or accessing our cryptocurrency wallets online.
Hey Clone X community – I was hacked by a clever Phisher (same phone # as apple ID) & sold all my clone x / some other nfts… Obviously pretty upset and hurt by this and I havent really been able to move all day. Hope people who bought my clones love them (being positive)
— Nikhil Gopalani (@Nikgopalani) January 3, 2023
Details About the Attack
Gopalani reported that his entire NFT collection – estimated to be worth around $10 million – had been stolen from his personal wallet. While he was unable to provide specifics about how the hackers gained access to his assets, it is believed that they were able to compromise his private keys or gain access through a social engineering attack. It is also thought that some of the stolen assets are still being held in public view within wallets owned by the attackers.
In response to the incident, RTFKT CTO Samuel Cardillo released a statement saying that “while we are still trying to understand exactly what happened in this instance, we are actively implementing additional measures to ensure all our users’ accounts remain secure.”
The hack on Gopalani’s wallet resulted in a multi-faceted loss. This hacker appears to have been successful in draining the wallet of all but one NFT: a Death Row Records ‘Clone X Theme Song’ worth about $59. Etherscan confirms that only $0.11 of ETH has been left behind. OpenSea data outlines what was taken; the most valuable items being the 19 CloneX NFTs estimated at over $138,000 combined, followed by 18 RTKFT Space Pods worth over $6,300 total. With floor prices used to calculate overall values, it cannot be known just how much Gopalani truly lost from their prized collection, including Murakami CloneX #17088 which could resell for much more than estimated. RTFKT has yet to comment on the estimated value of Gopalani’s collection.
For legal purposes, we won't be able to go in deeper details until further notice. All I can say is: be aware that companies such as Microsoft, Apple, … will never ask you for your password, your private key nor any other forms of private information via phone nor emails.
— SamuelCardillo.eth – RTFKT (@CardilloSamuel) January 3, 2023
Implications of the Attack
This attack raises serious questions about how secure our NFTs really are and what further steps can be taken by both collectors and platforms to prevent similar incidents from occurring in the future. Although decentralized exchanges already employ a variety of security measures such as two-factor authentication (2FA), it may be necessary for collectors themselves to take additional precautions such as encrypting their wallets or using hardware wallets like Ledger or Trezor. Additionally, platforms should consider introducing additional measures such as multi-signature authorization for large-scale transfers or increased KYC/AML requirements for high-value transactions.
The recent attack on RTFKT COO Nikhil Gopalani’s NFT collection highlights one of the major risks associated with digital asset ownership—the risk of theft from malicious actors who are looking to capitalize on vulnerable wallets and collections. As more people flock towards digital assets such as NFTs, it is important for both collectors and platforms alike to implement additional security measures in order to protect against future attacks. By taking these steps now, we can help ensure that everyone’s digital assets remain safe and secure going forward.
