Multichain users who did not update their approvals as instructed yesterday have been exploited and have lost 445 wrapped ether ($1.4 million), the project tweeted on Tuesday.

On Monday, Multichain instructed its users to remove approvals for six tokens otherwise their assets would be exposed to a security vulnerability. The tokens in question were WETH, PERI, OMT, WBNB, MATIC, and AVAX.Decentralized finance security firm Dedaub first found the flaw, which Multichain said it had fixed.Later on Tuesday, crypto security firm PeckShield revealed the wallet address where the stolen funds had been deposited. The address holds 455 ether as of the time of writing.Because the users have to be the ones to remove the approvals, there isn’t much Multichain can do, PeckShield told CoinDesk in a Twitter message.Multichain, formerly Anyswap, is a cross-chain bridge which raised $60 million in a seed round led by Binance Labs in December 2021.

Read more: Anyswap Rebrands to Multichain, Raises $60M Led by Binance Labs