Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

👤 energyedhome@Sandra 📅 2026-04-03 13:39:58

The Unity engine has discovered a program vulnerability that has existed since 2017, which may lead to the leakage of cryptocurrency wallets. Because more than 70% of popular mobile games are built with Unity, it has caused panic among players.
(Preliminary summary: The Steam game of a live cancer player had his encrypted wallet hacked, and Valve urgently removed the hidden Trojan game)
(Background supplement: OpenAI helps create animated energyedhomes! Musk does not lose: xAI and "Star Wars Eve" discuss cooperation in AI game development)

The existence of the Unity engine can be traced back to 2017 The "in-process code injection" vulnerability in 2016 affected about 70% of the world's most popular mobile games. Hackers can gain access to Android, Windows, macOS and Linux systems through infected games and steal crypto wallet mnemonics or private keys. According to Cointelegraph, although the vulnerability has been confirmed, Google pointed out that the Play Store has "not detected" actual criminal cases.

Vulnerability scope and attack paths

Unity dominates the mobile game market, with more than 50% of new games built on it, making it possible for vulnerabilities to spread to a large number of players. Hackers can plant malicious code inside the application and then induce a fake login screen to trick users into entering their wallet password through overlay attacks, input capture or screenshots. However, the Google APP team said:

Based on our current detection, malicious apps that exploit this vulnerability have not been found in the Play Store.

Compared with Google Play, which is officially censored, the sideloading behavior of installing APK from third-party websites is higher risk. Not only does it lack pre-scanning, but it also cannot automatically obtain patches subsequently released by Unity and developers.

Unity has begun making patching tools available to partners and plans to update its guidance publicly next week. Before the patch is fully implemented, players can take four methods to protect their crypto assets:

Update games and systems at any time
Avoid downloading APKs from unknown sources
Check and close unnecessary permissions, such as overlaying on other applications
Separate devices that store large amounts of crypto assets from mobile phones used to play games

Label：

policy

FB X YT IG

energyedhome@Sandra

Blockchain and cryptoassets editor, focusing onpolicyDomain content analysis and insights

Comment (10)

Ruby 87days ago

Is the difference between NFT and ordinary pictures only in the contract?

Oliver 87days ago

Agreed, cross-chain collaboration is the general trend.

Orion 87days ago

A good point and worthy of discussion.

Eleanor 87days ago

What is the relationship between IPFS and blockchain?

Fred 87days ago

It gives ideas on how traditional enterprises can embrace blockchain.

Mia 87days ago

From technology to ecology, the analysis is very comprehensive.

Tessa 88days ago

The true value of blockchain has finally been made clear.

Soren 95days ago

How are assets actually transferred across chains?

Sage 111days ago

The content of the article is good, support continued output.

Charlie 116days ago

Privacy protection is indeed a pain point in the industry, and the article points it out.

Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

Vulnerability scope and attack paths

energyedhome@Sandra

Comment (10)

Add comment

Related content

Is DAT hype dying? SEC investigates 200 “crypto treasury companies” for insider trading

The British FCA has fully lifted the "cryptocurrency ETN ban", is it expected to unlock US$930 billion in buying orders?

Japan plans to introduce a "separate taxation system" for cryptocurrency: spot, derivatives and ETF transactions will be taxed separately, with a unified tax rate of 20%

Russian darknet boss "Moriarty" Solana issues meme currency $MORI, runs 3.2 million channels and calls himself the crime emperor

Polymarket admits that user funds have been stolen, and "one-click login" third-party services have become a vulnerability

The Bank of England's plan to "limit stablecoin holdings" has caused public outrage: It will not work at all and will only fall behind the global encryption competition.

Popular content

SEC defines Crypto classification for the first time: BTC is a "digital commodity"

China’s “DGCX Xinkangjia” defrauded RMB 13 billion! Fake Dubai Gold Exchange, more than 2 million victims

Haotian: Why was the 15,000 cmETH hacked by Bybit able to be recovered?

SkyBridge Capital founder warns: Friendly encryption regulations won’t start overnight after Trump takes office, that’s not how Washington works

Musk wants all U.S. civil servants to “explain what they did last week or else they’ll be fired”! All major government agencies ordered: Ignore him

Trump's currency issuance was reported by the Taiwanese as "violating the Money Laundering Prevention Law", PTT encryption moderator: The Financial Supervisory Commission will not catch him soon

Related sections

Popular content