Owners of Bored Ape Yacht Club (BAYC) NFTs have been hacked after clicking a link they shouldn’t have, giving ne’er-do-wells access to their wallets.

The incident has been traced back to a hack which saw the BAYC Instagram and Discord channels compromised by an as-yet unknown entity. With these breached accounts, the hacker was able to post a mint link which claimed users could mint digital land in the OthersideMeta, another project from Yuga Labs.

The link actually allowed the hacker to gain access to the wallets of those who clicked it and, according to Coindesk, an estimated 4 Bored Apes, 6 Mutant Apes and 3 Bored Ape Kennel Club NFTs were stolen, representing approximately $3 million in value.

“The hacker posted a fraudulent link to a copycat of the Bored Ape Yacht Club website, where a safeTransferFrom attack asked users to connect their MetaMask to the scammer’s wallet in order to participate in a fake Airdrop,” a spokesperson for BAYC told Coindesk.

It is unclear how the hacker was able to gain access to the Instagram and Discord accounts but Yuga Labs together with Instagram are investigating the matter. What is odd is that multi-factor authentication was enabled for the BAYC Instagram account.

Control of the account has been re-established by the folks at BAYC who are also establishing contact with affected users.

What makes this breach that much worse is that the hacker leveraged the fact that OthersideMeta was set to launch this week. This meant that folks would’ve been gagging to get in on the action. It’s also unclear how long the fake links were visible before Yuga Labs alerted users or what other sort of data the hacker was able to grab during the compromise.

For now though, it looks like that BAYC trilogy of short films will likely have to go on the back burner.