Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

👤 45va@Sandra 📅 2026-04-02 00:35:37

The Unity engine has discovered a program vulnerability that has existed since 2017, which may lead to the leakage of cryptocurrency wallets. Because more than 70% of popular mobile games are built with Unity, it has caused panic among players.
(Preliminary summary: The Steam game of a live cancer player had his encrypted wallet hacked, and Valve urgently removed the hidden Trojan game)
(Background supplement: OpenAI helps create animated 45vas! Musk does not lose: xAI and "Star Wars Eve" discuss cooperation in AI game development)

The existence of the Unity engine can be traced back to 2017 The "in-process code injection" vulnerability in 2016 affected about 70% of the world's most popular mobile games. Hackers can gain access to Android, Windows, macOS and Linux systems through infected games and steal crypto wallet mnemonics or private keys. According to Cointelegraph, although the vulnerability has been confirmed, Google pointed out that the Play Store has "not detected" actual criminal cases.

Vulnerability scope and attack paths

Unity dominates the mobile game market, with more than 50% of new games built on it, making it possible for vulnerabilities to spread to a large number of players. Hackers can plant malicious code inside the application and then induce a fake login screen to trick users into entering their wallet password through overlay attacks, input capture or screenshots. However, the Google APP team said:

Based on our current detection, malicious apps that exploit this vulnerability have not been found in the Play Store.

Compared with Google Play, which is officially censored, the sideloading behavior of installing APK from third-party websites is higher risk. Not only does it lack pre-scanning, but it also cannot automatically obtain patches subsequently released by Unity and developers.

Unity has begun making patching tools available to partners and plans to update its guidance publicly next week. Before the patch is fully implemented, players can take four methods to protect their crypto assets:

Update games and systems at any time
Avoid downloading APKs from unknown sources
Check and close unnecessary permissions, such as overlaying on other applications
Separate devices that store large amounts of crypto assets from mobile phones used to play games

Label：

policy

FB X YT IG

45va@Sandra

Blockchain and cryptoassets editor, focusing onpolicyDomain content analysis and insights

Comment (10)

Neva 86days ago

Looking forward to more industry trend insights.

Ansel 86days ago

Agreed, user growth is more important than technical narrative.

Kai 86days ago

Agreed, blockchain is changing business models.

Aaron 86days ago

What are the main risks involved in PoS staking?

Jagger 86days ago

Does the Metaverse have to be built on the blockchain?

Calvin 86days ago

Thanks for the popular science, very friendly to newbies.

Nadia 86days ago

The true value of blockchain has finally been made clear.

Britta 87days ago

Technology is good technology, but it has been exploited by too many scams.

Helen 98days ago

Compliance uncertainty is the sword of Damocles hanging over your head.

Zack 115days ago

The industry still needs time to settle.

Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

Vulnerability scope and attack paths

45va@Sandra

Comment (10)

Add comment

Related content

The "Blockchain Regulatory Determination Act" was officially incorporated into the CLARITY Digital Market Clarity Act, and the top ten crypto institutions applauded

Use imitation grenades to rob the exchange! 21-year-old Russian man arrested on the spot

Lao Gao talks about "Bybit theft and North Korean hackers": The transaction address is garbled and difficult to identify, and it is to blame that the multi-signature personnel did not confirm it

Bybit's 500,000 ETH stolen were all washed away and turned into hidden selling pressure? CEO issued an announcement clarifying: 77% of cash flow can be traced

Hong Kong Securities and Futures Commission warns: FoFund, Fo Coin, and Taohuayuan NFT are "suspicious products" and investors need to be careful

On-chain detectives warn: $330 million in Bitcoin is suspected to have been stolen and laundered into Monero, and XMR once rose 50%

Popular content

Former Blockchain.com executive Jamie Selway joins the SEC and will serve as Director of Trading and Markets

The trading platform "Asia-Pacific Eant" BitAsset was involved in mainland-owned operations, and two people in charge were prosecuted

Hollywood director Carl Rinsch misappropriated Netflix investments to speculate in stocks and currencies. He once made $27 million in Dogecoin and now faces a 90-year sentence.

U.S. SEC Chairman: We are planning an "innovation exemption" for DeFi protocols and should not be punished for malicious use by others

The British FCA has fully lifted the "cryptocurrency ETN ban", is it expected to unlock US$930 billion in buying orders?

Retail investors cry! Brazil cancels cryptocurrency tax exemption and levies a unified income tax of 17.5%

Related sections

Popular content