In December 2018, SlowMist first discovered and warned that an attacker would use the message defect of the Electrum wallet client to force a pop-up "update prompt" when a user transfers money, inducing users to update and download malware, and then carry out a coin theft attack . Although Electrum officially said in early 2019 that some security mechanisms should be adopted to prevent such "update phishing", many users of Electrum are still in the old version (less than 3.3.4), and the old version is still under threat. However, we do not rule out that similar threats will be introduced in the new version. Recently, the slow mist technology anti-money laundering (AML) system has been continuously tracked and found that one of the attacker's wallet addresses bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny has stolen more than 30 BTC in total, and the crime has lasted half a year, and is currently active. We hereby remind Electrum users to pay attention to "Update Tips". The new version of Electrum in this "Update Tips" is likely to be fake. If there is an installation, please transfer Bitcoin in other security environments in a timely manner. At the same time, we call on the majority of cryptocurrency exchanges, wallets and other platforms to hack AML risk control systems and monitor the Bitcoin addresses as described above.