As told by Bored Ape Yacht Club (BAYC) developers on Monday, hackers breached the popular nonfungible token (NFT) collection’s official Instagram page and shared links to a fake airdrop with the project’s followers.

Crypto enthusiasts who connected their MetaMask wallets to the scam website were subsequently drained of their Ape NFTs. It appears that the attack was planned to coincide with the one-year anniversary of the launch of the BAYC collection, thus increasing the “perceived credibility” of the phishing link.

Unconfirmed reports on social media indicate that approximately 100 NFTs were stolen during the phishing attack. Based on data from CoinGecko, the floor price of each BAYC NFT is around 139 Ether (ETH), or $400,726. Thus, if the reports are authentic, more than $40 million worth of assets have been lost in the attack. However, the numbers may only represent the lower end of the estimate, as it is based on the floor price. 

At the time of publication, it is unclear how hackers gained access to BAYC’s official Instagram account. While social media users point out the importance of two-factor authentication as an effective deterrent against unauthorized log-ins, others say that such methods are not entirely foolproof and can be, in fact, compromised via a SIM-card swap.

BAYC has grown to become an all-time favorite NFT collection in the crypto realm, generating more than $1 billion in sales in 2021. The collection’s supply is fixed at 10,000 NFTs. More than 38,748 ETH worth of Apes were traded on OpenSea in the past 30 days.