The SlowMist security team suspects that the stolen 342,000 ETH of Upbit may be related to the APT (Advanced Persistent Threat) attack that has been active before. This attack is characterized by long-term latency until it encounters a large amount of operable funds and a large one-time sum. Stolen. This year, Upbit discovered such attacks from North Korea. Of course, we cannot rule out the possibility of inner ghosts. In addition, the stolen was Upbit's ETH hot wallet. Cold wallets should be risk-free for the time being.