Shutterstock; Rachel Mendelson/Insider
- NFT theft hit $100 million in the year that ended July 2022.
- This month, a Nike executive’s crypto wallet was looted after an apparent phishing attack.
- Experts said people can take a few simple steps to prevent theft.
One of Nike’s top virtual-collectibles executives had an estimated $173,000 of NFTs stolen from his crypto wallet this month.
Experts said it’s unlikely the assets will get recovered, but said there are simple ways to protect NFTs.
An NFT is essentially a digital collectible. Think of it like a virtual painting or baseball card.
On January 2, Nikhil Gopalani tweeted that he was hacked by a “clever” phisher. Gopalani is the chief operating officer of RTFKT (pronounced “artifact”), a buzzy digital collectibles company purchased by Nike and a critical part of the sportswear giant’s metaverse strategy.
—Nikhil Gopalani (@Nikgopalani) January 3, 2023
In a tweet, Gopalani said the phishers stole his Clonex NFTs and some other digital collectibles, including some “Cryptokicks.” Clonex NFTs are a collaboration between RTFKT and Nike. Cryptokicks are Nike’s first virtual sneakers.
Decrypt, a publication that covers web3, estimated the stolen NFTs were worth $173,000.
Gopalani and Nike didn’t respond to Insider’s requests for comment, but experts said the theft isn’t an indicator of fundamental underlying problems with RTFKT, NFTs, or the metaverse.
“It happens to everyone,” said Emmanuel Udotong, a former McKinsey analyst and CEO and cofounder of Shield, which provides security for web3, a version of the internet that uses blockchain, the distributed ledger that underpins NFTs.
“The takeaway should be that anyone can be scammed no matter how smart you are or how much experience you have in the space,” Udotong told Insider. “You have to take extra precautions.”
Udotong and Avivah Litan, a Gartner blockchain analyst, said it’s critical to be proactive because there aren’t many protections in place for people whose NFTs are stolen.
“It’s very early days for fraud protection on blockchain,” Litan told Insider. “You can see where the stolen goods go. That doesn’t mean you can get them back.”
The blockchain research firm Elliptic last year estimated $100 million in NFTs were stolen in the year ended July 2022, with the average scam resulting in a $300,000 loss.
Here are three easy steps Litan and Udotong said consumers can take to prevent NFT theft.
Always be on the alert.
“The only thing an average user can do is be completely diligent all the time,” Litan said. “Always be on the lookout. Always be suspicious.”
Banks are required to know their customers. NFT collectors should do the same. What do you know about the person on the other side of the transaction? Watch out for people who want to transact quickly and people who have accounts with low volume.
“Typically scams don’t do that much in volume,” Udotong told Insider.
The advice could have helped Gopalani, who seems to have been the victim of a phishing scam that came from a familiar phone number and Apple ID.
Don’t keep your digital assets in one place.
Financial advisers talk about diversification. The same advice applies to digital assets. Try to split them up between a few crypto wallets. If one gets hacked, the others should be safe.
Hardware wallets are another option.
“It’s like a little piggy bank for your crypto,” Udotong said.
Hardware wallets store keys to digital assets offline, making them inaccessible to cyber thieves.
Buy some tools.
Most consumers know about basic antivirus tools, like McAfee. There’s a growing suite of tools for digital assets, too.
What’s the big takeaway?
“Nothing is free in this world,” Udotong said. “Any time you get that euphoria spike, that, ‘I got to do it now,’ that is the exact opposite of what you should feel.'”