Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

👤 pwcio@Sandra 📅 2026-04-03 06:48:36

The Unity engine has discovered a program vulnerability that has existed since 2017, which may lead to the leakage of cryptocurrency wallets. Because more than 70% of popular mobile games are built with Unity, it has caused panic among players.
(Preliminary summary: The Steam game of a live cancer player had his encrypted wallet hacked, and Valve urgently removed the hidden Trojan game)
(Background supplement: OpenAI helps create animated pwcios! Musk does not lose: xAI and "Star Wars Eve" discuss cooperation in AI game development)

The existence of the Unity engine can be traced back to 2017 The "in-process code injection" vulnerability in 2016 affected about 70% of the world's most popular mobile games. Hackers can gain access to Android, Windows, macOS and Linux systems through infected games and steal crypto wallet mnemonics or private keys. According to Cointelegraph, although the vulnerability has been confirmed, Google pointed out that the Play Store has "not detected" actual criminal cases.

Vulnerability scope and attack paths

Unity dominates the mobile game market, with more than 50% of new games built on it, making it possible for vulnerabilities to spread to a large number of players. Hackers can plant malicious code inside the application and then induce a fake login screen to trick users into entering their wallet password through overlay attacks, input capture or screenshots. However, the Google APP team said:

Based on our current detection, malicious apps that exploit this vulnerability have not been found in the Play Store.

Compared with Google Play, which is officially censored, the sideloading behavior of installing APK from third-party websites is higher risk. Not only does it lack pre-scanning, but it also cannot automatically obtain patches subsequently released by Unity and developers.

Unity has begun making patching tools available to partners and plans to update its guidance publicly next week. Before the patch is fully implemented, players can take four methods to protect their crypto assets:

Update games and systems at any time
Avoid downloading APKs from unknown sources
Check and close unnecessary permissions, such as overlaying on other applications
Separate devices that store large amounts of crypto assets from mobile phones used to play games

Label：

policy

FB X YT IG

pwcio@Sandra

Blockchain and cryptoassets editor, focusing onpolicyDomain content analysis and insights

Comment (10)

Reagan 86days ago

The future narrative is still there, but implementation is more important.

Alice 87days ago

Blockchain + identity authentication is a necessary scenario.

Gideon 87days ago

At present, the industry is developing rapidly, but the challenges are not small.

Briar 87days ago

Looking forward to more high-quality content output.

Samuel 87days ago

Why is Ethereum called the "world computer"?

Clara 87days ago

Identity, identity on the chain will be more important in the future.

Kellan 92days ago

Agreed, technological innovation will not stop.

Rick 103days ago

At present, blockchain applications still need to be popularized.

Lila 112days ago

Are the rise and fall of currency prices related to the performance of the blockchain network itself?

Dorian 115days ago

Compliance uncertainty is the sword of Damocles hanging over your head.

Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

Vulnerability scope and attack paths

pwcio@Sandra

Comment (10)

Add comment

Related content

Chinese police: The virtual currency involved in the case is now sold through the Hong Kong Exchange and turned over to the state treasury

Retail investors cry! Brazil cancels cryptocurrency tax exemption and levies a unified income tax of 17.5%

Not just the Federation! Various banks are considering "blocking exchange deposits and withdrawals." How does Taiwan's crypto work?

New developments in the JPEX fraud case》Hong Kong police prosecuted 16 people involved in the case, and two masterminds are still at large

If you don’t give me Bitcoin, I’ll blow up the building! Hyundai Group headquarters received a bomb threat email, and the suspect demanded 13 BTC

Pump.fun accused of gambling organization crime! Solana Labs and foundation executives were named as defendants, and Jito, who engaged in MEV, was not spared either.

Popular content

Ledger founder kidnapped for 48 hours》David Balland and his wife rescued! 10 suspects arrested, encryption ransom frozen

4 people handed over 6 million USDT and were raped! "Drinking urine and making indecent movies" turned out to be the Bamboo Union Gang gangsters who were trying to take advantage of others

U.S. SEC Chairman: We are planning an "innovation exemption" for DeFi protocols and should not be punished for malicious use by others

SkyBridge Capital founder warns: Friendly encryption regulations won’t start overnight after Trump takes office, that’s not how Washington works

Do Kwon sentenced to 15 years, judge: tough sentence to stop next $40 billion LUNA disaster

An American man concealed "$345 million in Bitcoin" hidden in the evidence hard drive! FBI directly formatted it. The private key was broken.

Related sections

Popular content