The Register reports that almost $3 million worth of non-fungible tokens have been exfiltrated by threat actors that hacked into the Instagram account of the Bored Ape Yacht Club, who then posted a link redirecting to a spoofed website aimed at asset harvesting. BAYC, which sells various photos depicting apes in different poses and costumes for crypto-coins, has already warned users against minting, clicking links, or linking their wallets in the aftermath of the attack. Notifications to impacted users are already underway, according to a spokesperson for Yuga Labs, which created BAYC, who added that the NFT collection's Instagram account had two-factor authentication enabled and had "tight" security practices. "Yuga Labs and Instagram are currently investigating how the hacker was able to gain access to the account," the spokesperson added. The attack comes after BAYC had its Discord server breached, resulting in the theft of one NFT, as reported by PeckShield.