Nike’s NFT brand RTFKT has been hit by a phishing attack that drained almost $200,000 worth of NFTs from the wallet of its CEO, Nikhil Gopalani. Gopalani tweeted about the attack on Tuesday, saying that he had lost a collection of NFTs, including Clone X NFTs and items from other collections.
According to OpenSea data, two wallets belonging to the attacker had stolen 19 CloneX NFTs worth over $138,000, 18 RTFKT Space Pods worth over $6,300, 17 Loot Pods worth $6,200, 11 CryptoKicks worth $3,000, 19 RTFKT Animus Eggs worth $20,200, and other items from Gopalani’s wallet. The only NFT that remained in Gopalani’s wallet was a Death Row Records NFT of the “Clone X Theme Song” worth around $59.
RTFKT CTO Samuel Cardillo said in a statement that they were unable to share more details about the hack “for legal purposes.” He added: “All I can say is: be aware that companies such as Microsoft, Apple, etc. will never ask you for your password, your private key, or any other forms of private information via phone or email.” Cardillo also hinted that a legal investigation may be underway, saying that a “lawful agency” needed to be able to “do an investigation properly.”
RTFKT is a virtual sneaker company that creates NFTs and digital sneakers for the metaverse. It was acquired by Nike in December 2021, and the sports giant also launched .SWOOSH, a Web3 platform for launching virtual apparel, in November of the same year.
NFT scams have reached record levels in 2022, with a steep increase in the number of phishing attempts targeting NFT community members. In June, the popular NFT collection Bored Ape Yacht Club (BAYC) lost ETH 200 worth of digital assets in an exploit, and NFT influencer Zeneca and NFT registration platform PREMINT also fell victim to hacks in mid-July. In an effort to combat spam and scams, Solana wallet provider Phantom introduced a feature in mid-August that burns spam NFTs sent by scammers.