Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

👤 45ux@Sandra 📅 2026-02-03 20:25:16

The Unity engine has discovered a program vulnerability that has existed since 2017, which may lead to the leakage of cryptocurrency wallets. Because more than 70% of popular mobile games are built with Unity, it has caused panic among players.
(Preliminary summary: The Steam game of a live cancer player had his encrypted wallet hacked, and Valve urgently removed the hidden Trojan game)
(Background supplement: OpenAI helps create animated 45uxs! Musk does not lose: xAI and "Star Wars Eve" discuss cooperation in AI game development)

The existence of the Unity engine can be traced back to 2017 The "in-process code injection" vulnerability in 2016 affected about 70% of the world's most popular mobile games. Hackers can gain access to Android, Windows, macOS and Linux systems through infected games and steal crypto wallet mnemonics or private keys. According to Cointelegraph, although the vulnerability has been confirmed, Google pointed out that the Play Store has "not detected" actual criminal cases.

Vulnerability scope and attack paths

Unity dominates the mobile game market, with more than 50% of new games built on it, making it possible for vulnerabilities to spread to a large number of players. Hackers can plant malicious code inside the application and then induce a fake login screen to trick users into entering their wallet password through overlay attacks, input capture or screenshots. However, the Google APP team said:

Based on our current detection, malicious apps that exploit this vulnerability have not been found in the Play Store.

Compared with Google Play, which is officially censored, the sideloading behavior of installing APK from third-party websites is higher risk. Not only does it lack pre-scanning, but it also cannot automatically obtain patches subsequently released by Unity and developers.

Unity has begun making patching tools available to partners and plans to update its guidance publicly next week. Before the patch is fully implemented, players can take four methods to protect their crypto assets:

Update games and systems at any time
Avoid downloading APKs from unknown sources
Check and close unnecessary permissions, such as overlaying on other applications
Separate devices that store large amounts of crypto assets from mobile phones used to play games

Label：

policy

FB X YT IG

45ux@Sandra

Blockchain and cryptoassets editor, focusing onpolicyDomain content analysis and insights

Comment (10)

Bonita 29days ago

What are cold wallets and hot wallets?

Ethan 29days ago

The security issues of smart contracts do need to be taken seriously.

Igor 29days ago

There are far more speculators than builders.

Zara 29days ago

In the future, blockchain will be more integrated with AI/IoT and other technologies.

Alistair 29days ago

The article is thoughtful and thoughtful, so please like it.

Carol 29days ago

Layer 2 solutions are the most practical path at the moment.

Heidi 29days ago

In the future, more traditional companies will embrace blockchain.

Ernie 42days ago

The scene of the combination of the Metaverse and the blockchain is still very vague.

Daisy 48days ago

After a transaction is uploaded to the chain, is it really completely unmodifiable?

Nora 54days ago

The article is thoughtful and thoughtful, so please like it.

Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

Vulnerability scope and attack paths

45ux@Sandra

Comment (10)

Add comment

Related content

Is Ethereum MEV robot money laundering? U.S. court hears case of MIT brothers for first time, 25 million mg of sandwich arbitrage involves fraud

SkyBridge Capital founder warns: Friendly encryption regulations won’t start overnight after Trump takes office, that’s not how Washington works

Chainalysis report: North Korean hackers stole US$2 billion in crypto assets in 2025, with Bybit becoming the biggest victim

Google Play removed 17 Korean "unregistered overseas exchanges" KuCoin, MEXC, CoinW...all blocked

The SUI on-chain protocol Cetus liquidity pool is suspected of being hacked! The trading pair abnormally plummeted by more than 70%

Dunamu, the parent company of Upbit, was fined 35.2 billion won, the most expensive fine in the history of Korean cryptocurrency.

Popular content

Bankers colluded with a fraud syndicate to open an account, and the price was revealed for the first time. Is it as cheap as the lawyer involved?

The Bank of England's plan to "limit stablecoin holdings" has caused public outrage: It will not work at all and will only fall behind the global encryption competition.

Former Alameda Research CEO Caroline has left prison and been transferred to community supervision after serving only 11 months in prison

Do Kwon sentenced to 15 years, judge: tough sentence to stop next $40 billion LUNA disaster

Software company CFO misappropriated $35 million of customer funds to gamble on DeFi and lost it all

About 60 BTC stolen from Odin.fun! The founder admits that he “doesn’t have enough funds to compensate” for pointing out Chinese hackers

Related sections

Popular content