Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

👤 transfers@Sandra 📅 2026-04-03 06:30:01

The Unity engine has discovered a program vulnerability that has existed since 2017, which may lead to the leakage of cryptocurrency wallets. Because more than 70% of popular mobile games are built with Unity, it has caused panic among players.
(Preliminary summary: The Steam game of a live cancer player had his encrypted wallet hacked, and Valve urgently removed the hidden Trojan game)
(Background supplement: OpenAI helps create animated transferss! Musk does not lose: xAI and "Star Wars Eve" discuss cooperation in AI game development)

The existence of the Unity engine can be traced back to 2017 The "in-process code injection" vulnerability in 2016 affected about 70% of the world's most popular mobile games. Hackers can gain access to Android, Windows, macOS and Linux systems through infected games and steal crypto wallet mnemonics or private keys. According to Cointelegraph, although the vulnerability has been confirmed, Google pointed out that the Play Store has "not detected" actual criminal cases.

Vulnerability scope and attack paths

Unity dominates the mobile game market, with more than 50% of new games built on it, making it possible for vulnerabilities to spread to a large number of players. Hackers can plant malicious code inside the application and then induce a fake login screen to trick users into entering their wallet password through overlay attacks, input capture or screenshots. However, the Google APP team said:

Based on our current detection, malicious apps that exploit this vulnerability have not been found in the Play Store.

Compared with Google Play, which is officially censored, the sideloading behavior of installing APK from third-party websites is higher risk. Not only does it lack pre-scanning, but it also cannot automatically obtain patches subsequently released by Unity and developers.

Unity has begun making patching tools available to partners and plans to update its guidance publicly next week. Before the patch is fully implemented, players can take four methods to protect their crypto assets:

Update games and systems at any time
Avoid downloading APKs from unknown sources
Check and close unnecessary permissions, such as overlaying on other applications
Separate devices that store large amounts of crypto assets from mobile phones used to play games

Label：

policy

FB X YT IG

transfers@Sandra

Blockchain and cryptoassets editor, focusing onpolicyDomain content analysis and insights

Comment (10)

Clyde 85days ago

The article's outlook on scalability is overly optimistic.

Benjamin 85days ago

A good summary, blockchain is indeed iterating rapidly.

Samuel 85days ago

Competition for talent in the industry will become more obvious in the future.

John 85days ago

I very much agree that competition in public chains will become more intense in the future.

Mary 86days ago

What is the essential difference between state-issued digital currency and Bitcoin?

Wayne 86days ago

Putting assets on the chain is just the beginning, and ecology is the future.

Gail 86days ago

The potential of DeFi is still not fully unleashed.

Stanley 90days ago

If there are loopholes in the smart contract, can it be upgraded and repaired?

Ezra 95days ago

Approximately how much data can be stored in a block?

Logan 100days ago

Agreed, user growth is more important than technical narrative.

Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

Vulnerability scope and attack paths

transfers@Sandra

Comment (10)

Add comment

Related content

SEC SHOT! Suspension of stock trading of crypto reserve companies QMMM and SDM: involving price manipulation and speculation

Former Alameda Research CEO Caroline has left prison and been transferred to community supervision after serving only 11 months in prison

The Democratic Party proposed the "Clean Cloud Act" to require U.S. Bitcoin mining companies and AI computing centers to embrace green energy: achieve zero carbon emissions by 2035

The repeal of the IRS’s “DeFi Broker Rules” has been sent to Trump to be signed into law, a major victory for the crypto industry

U.S. Bitcoin profits will be deducted 5% when repatriated to Taiwan! Trump plans to introduce new bill: tax on transfers from non-U.S. citizens

Ledger founder kidnapped for 48 hours》David Balland and his wife rescued! 10 suspects arrested, encryption ransom frozen

Popular content

The "Blockchain Regulatory Determination Act" was officially incorporated into the CLARITY Digital Market Clarity Act, and the top ten crypto institutions applauded

The British FCA has fully lifted the "cryptocurrency ETN ban", is it expected to unlock US$930 billion in buying orders?

4 people handed over 6 million USDT and were raped! "Drinking urine and making indecent movies" turned out to be the Bamboo Union Gang gangsters who were trying to take advantage of others

Retail investors cry! Brazil cancels cryptocurrency tax exemption and levies a unified income tax of 17.5%

UK government sends 65,000 tax letters at once: warning cryptocurrency users to file their taxes honestly

finally? Montenegro’s Ministry of Justice orders Do Kwon to be extradited to the United States, Terra founder’s dream of returning to South Korea is shattered

Related sections

Popular content