Yuga Labs, the creator of Bored Ape Yacht Club, or BAYC, is investigating a phishing attack after a hacker stole nearly $2.5 million worth of NFTs via Bored Ape’s official Instagram account. The company revealed the hack while warning its followers not to click on links in the name of BAYC or mint new tokens.

🚨There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything. — Bored Ape Yacht Club (@BoredApeYC) April 25, 2022

According to a screenshot shared by The Block, the hacker behind the attack stole 133 NFTs after using BAYC’s Instagram account to promote a fake airdrop. The scam promised people free tokens if they connected their MetaMask wallets to the site linked through the post.

What is not clear is how the hacker accessed the BAYC Instagram accountand Yuga Labs has yet to announce whether it will compensate those affected by the scam.

This morning, the official BAYC Instagram account was hacked. The hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a ‘safeTransferFrom’ transaction. This transferred their assets to the scammer’s wallet. — Bored Ape Yacht Club (@BoredApeYC) April 25, 2022

“At the time of the hack, two-factor authentication was enabled and the security surrounding the IG account followed best practices,” the company said. “We have regained control of the account and we are investigating how the hacker got access to our Instagram.”

Among the stolen NFTs there are four Bored Apes. The most expensive token in the loot, Bored Ape 6623 (pictured above), recently sold for 123 Ethereum, making it worth roughly $354,500 at the current exchange rate. The four apes together are worth more than a million dollars. An estimate by Molly White, the creator of Web3 is Going Great, puts the value of the entire theft at more than $2.4 million.

Monday’s incident is the latest NFT theft involving a high-profile phishing attack. In February, more than two dozen OpenSea users lost access to about 250 tokens for an estimated value of more than a million dollars. In January, a scam within OpenSea also affected this well-known collection.