Multichain users who didn't update their approvals as instructed yesterday have been exploited and have lost 445 wrapped ether ($1.4 million), the project tweeted on Tuesday.
On Monday, Multichain instructed its users to remove approvals for six tokens and said otherwise their assets would be exposed to a security vulnerability. The tokens in question were WETH, PERI, OMT, WBNB, MATIC and AVAX.
Decentralized finance security firm Dedaub first found the flaw, which Multichain said it had fixed.
Because the users have to be the ones to remove the approvals, there isn't much Multichain can do, PeckShield told CoinDesk in a Twitter message.