The Register reports that almost $3 million worth of non-fungible tokens have been exfiltrated by threat actors who hacked into the Instagram account of the Bored Ape Yacht Club and then posted a link redirecting to a spoofed website aimed at asset harvesting.
BAYC, which sells various photos depicting apes in different poses and costumes for crypto-coins, has already warned users against minting, clicking links, or linking their wallets in the aftermath of the attack.
Notifications to impacted users are already underway, according to a spokesperson for Yuga Labs, which created BAYC, who added that the NFT collection's Instagram account had two-factor authentication enabled and had "tight" security practices.
"Yuga Labs and Instagram are currently investigating how the hacker was able to gain access to the account," the spokesperson added.
The attack comes after BAYC had its Discord server breached, resulting in the theft of one NFT, as reported by PeckShield.
The Cyber Safety Review Board — launched earlier this year, led by DHS and composed of top federal cybersecurity officials and private sector experts — will examine the tactics the group has used to break into the networks of some of the largest businesses in the world and develop “actionable recommendations” to protect organizations, customers and employees.