Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

👤 energy226@Sandra 📅 2026-04-03 12:28:38

The Unity engine has discovered a program vulnerability that has existed since 2017, which may lead to the leakage of cryptocurrency wallets. Because more than 70% of popular mobile games are built with Unity, it has caused panic among players.
(Preliminary summary: The Steam game of a live cancer player had his encrypted wallet hacked, and Valve urgently removed the hidden Trojan game)
(Background supplement: OpenAI helps create animated energy226s! Musk does not lose: xAI and "Star Wars Eve" discuss cooperation in AI game development)

The existence of the Unity engine can be traced back to 2017 The "in-process code injection" vulnerability in 2016 affected about 70% of the world's most popular mobile games. Hackers can gain access to Android, Windows, macOS and Linux systems through infected games and steal crypto wallet mnemonics or private keys. According to Cointelegraph, although the vulnerability has been confirmed, Google pointed out that the Play Store has "not detected" actual criminal cases.

Vulnerability scope and attack paths

Unity dominates the mobile game market, with more than 50% of new games built on it, making it possible for vulnerabilities to spread to a large number of players. Hackers can plant malicious code inside the application and then induce a fake login screen to trick users into entering their wallet password through overlay attacks, input capture or screenshots. However, the Google APP team said:

Based on our current detection, malicious apps that exploit this vulnerability have not been found in the Play Store.

Compared with Google Play, which is officially censored, the sideloading behavior of installing APK from third-party websites is higher risk. Not only does it lack pre-scanning, but it also cannot automatically obtain patches subsequently released by Unity and developers.

Unity has begun making patching tools available to partners and plans to update its guidance publicly next week. Before the patch is fully implemented, players can take four methods to protect their crypto assets:

Update games and systems at any time
Avoid downloading APKs from unknown sources
Check and close unnecessary permissions, such as overlaying on other applications
Separate devices that store large amounts of crypto assets from mobile phones used to play games

Label：

policy

FB X YT IG

energy226@Sandra

Blockchain and cryptoassets editor, focusing onpolicyDomain content analysis and insights

Comment (10)

Alec 87days ago

The scene of the combination of the Metaverse and the blockchain is still very vague.

Jeremy 87days ago

At present, many applications use blockchain for the sake of blockchain, and there are too many false demands.

Igor 87days ago

Agreed, the future is the era of trusted networks.

Eileen 87days ago

The trust mechanism of blockchain has indeed changed the traditional model.

Wolfgang 87days ago

Why is Ethereum called the "world computer"?

Pearl 87days ago

Putting assets on the chain is just the beginning, and ecology is the future.

Rick 87days ago

There will be more cross-border integration in the future.

Wolfgang 87days ago

Governance tokens often end up leading to plutocracy.

Abigail 89days ago

The NFT track has entered a new stage, and its application is more critical.

Kira 90days ago

Looking forward to more real-life cases to promote the development of the industry.

Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

Vulnerability scope and attack paths

energy226@Sandra

Comment (10)

Add comment

Related content

China's seven major financial industry associations jointly warn: Cryptocurrency, RWA, and mining are all illegal! Overseas platforms also tread red lines when providing services

Pump.fun accused of gambling organization crime! Solana Labs and foundation executives were named as defendants, and Jito, who engaged in MEV, was not spared either.

Chainalysis report: North Korean hackers stole US$2 billion in crypto assets in 2025, with Bybit becoming the biggest victim

An American man concealed "$345 million in Bitcoin" hidden in the evidence hard drive! FBI directly formatted it. The private key was broken.

The British FCA has fully lifted the "cryptocurrency ETN ban", is it expected to unlock US$930 billion in buying orders?

Trump's currency issuance was reported by the Taiwanese as "violating the Money Laundering Prevention Law", PTT encryption moderator: The Financial Supervisory Commission will not catch him soon

Popular content

Why should cryptocurrency investors pay attention to the Taiwan-US Double Taxation Avoidance Act passed by the US House of Representatives?

A bizarre theft occurred at Heku Bank! 3.87 million yuan in cash disappeared within a minute after being placed on the ground. Is the mole planning to commit the crime?

UK government sends 65,000 tax letters at once: warning cryptocurrency users to file their taxes honestly

The SUI on-chain protocol Cetus liquidity pool is suspected of being hacked! The trading pair abnormally plummeted by more than 70%

Polymarket admits that user funds have been stolen, and "one-click login" third-party services have become a vulnerability

Ledger founder kidnapped for 48 hours》David Balland and his wife rescued! 10 suspects arrested, encryption ransom frozen

Related sections

Popular content