RTFKT COO Nikhil Gopalani is starting the New Year with an empty crypto wallet.

RTFKT is the massively profitable next-gen crypto brand acquired by Nike in December 2021 that’s making waves in the digital wearable space and created content with artist Takashi Murakami. Gopalani lost his massive treasure trove of NFTs to a scammer in an apparent phishing attack Monday.

“Hey Clone X community—I was hacked by a clever phisher (same phone # as Apple ID) [who] sold all my Clone X / some other NFTs,” Gopalani said on Twitter. 

“Obviously pretty upset and hurt by this and I haven’t really been able to move all day,” he continued. “Hope people who bought my clones love them (being positive).”

At time of writing, the wallet that appears to be linked to Gopalani has lost all its NFTs except for one: a Death Row Records NFT of the "Clone X Theme Song" worth about $59. Etherscan shows that only $0.11 of ETH remains in the wallet.

According to OpenSea data, the attacker used two wallets to drain well over $173,000 worth of NFTs from Gopalani’s wallet, including 19 CloneX NFTs worth over $138,000 combined, 18 RTKFT Space Pods (over $6,300 total), 17 Loot Pods ($6,200), 11 CryptoKicks ($3,000), 19 RTFKT Animus Eggs ($20,200), and more.

It’s worth noting that these values are lowball estimates calculated using each collection’s floor price, so Gopalani’s former holdings—which included a coveted Murakami CloneX, #17088—could resell for much more. RTFKT has not yet responded to Decrypt’s request for comment regarding the total estimated value of Gopalani’s lost collection.

One of the attackers’ wallets now appears empty at time of writing, while the other still holds many of the COO’s assets in public view.

While it’s currently unclear exactly how the phishing attack occurred, a reply from RTFKT CTO Samuel Cardillo suggests that Gopalani may have accidentally provided confidential information to a hacker who was posing as an Apple representative. 

“For legal purposes, we won't be able to go in deeper details until further notice,” Cardillo said in response to the hack. 

“All I can say is: be aware that companies such as Microsoft, Apple, will never ask you for your password, your private key nor any other forms of private information via phone nor emails.”

Cardillo rejected an accusation that his response was “very corporate” and implied that a legal investigation may be underway, stating on Twitter that “a lawful agency” needed to be able to “do an investigation properly” as the reason why further details could not be shared. Cardillo declined to respond to Decrypt's request for comment.

CloneX #17088, which remains Gopalani’s Twitter profile picture, has already changed hands twice since his wallet was drained a day ago. The NFT now belongs to the holder of lyx.eth, who also owns two other CloneX NFTs.

In a message to Decrypt, lyx.eth said they were unaware that they were buying the COO’s stolen NFT and had been looking to buy an NFT like Gopalani’s for “over half a year.”

According to Lyx, RTFKT has already reached out to try to get the swiped NFT back.

“I’ve been talking with some people from RTFKT but I need to think about what to do,” Lyx told Decrypt.

When asked if he might sell or give the NFT back, Lyx said they weren’t sure.

“Def going to hold it for now,” they said.

RTFKT and Gopalani have not yet responded to Decrypt’s requests for comment.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.