Around $476,000 of the “Proof of Credit” altcoin NULS was stolen by hackers, the NULS team confirmed in a tweet Sunday. The hackers exploited a security vulnerability in a previous version of NULS—NULS 2.2—which has since been fixed in an upgrade.

There’s one problem, though; “As a result of these conservative security measures, there may be some NULS assets inadvertently locked on one of the major exchanges wallets,” wrote the team.

NULS said that the mainnet was compromised through a vulnerability in the “NULS transaction signature verification logic.” The hacker(s) then used a “sophistically constructed transaction” to trick the node into giving them 2 million NULS from the team’s account.

Of the $476,000, or 2 million NULS, 548,354 NULS (around $130,000) has entered the trading market. NULS has requested that exchanges freeze these funds, but in Sunday’s tweet said they “couldn’t be traced.” The team will destroy the remaining 1,451,645 NULS (around $345,000) by permanently freezing them.

The upgrade, warned the team, is mandatory, and node owners must upgrade their node immediately to avoid penalization. If your funds have been frozen, the team will “open a community proposal within the NULS governance mechanism to begin the process of unlocking those frozen assets.”

And in a Christmas miracle, the team wrote that, “through the cooperation of some of the exchanges, we have obtained sufficient evidence against the perpetrators, and we will take legal action to hold them fully accountable.”