Encrypted cloud domain

Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

👤 transfer009@Sandra 📅 2026-04-03 07:34:53

The Unity engine has discovered a program vulnerability that has existed since 2017, which may lead to the leakage of cryptocurrency wallets. Because more than 70% of popular mobile games are built with Unity, it has caused panic among players.
(Preliminary summary: The Steam game of a live cancer player had his encrypted wallet hacked, and Valve urgently removed the hidden Trojan game)
(Background supplement: OpenAI helps create animated transfer009s! Musk does not lose: xAI and "Star Wars Eve" discuss cooperation in AI game development)

The existence of the Unity engine can be traced back to 2017 The "in-process code injection" vulnerability in 2016 affected about 70% of the world's most popular mobile games. Hackers can gain access to Android, Windows, macOS and Linux systems through infected games and steal crypto wallet mnemonics or private keys. According to Cointelegraph, although the vulnerability has been confirmed, Google pointed out that the Play Store has "not detected" actual criminal cases.

Vulnerability scope and attack paths

Unity dominates the mobile game market, with more than 50% of new games built on it, making it possible for vulnerabilities to spread to a large number of players. Hackers can plant malicious code inside the application and then induce a fake login screen to trick users into entering their wallet password through overlay attacks, input capture or screenshots. However, the Google APP team said:

Based on our current detection, malicious apps that exploit this vulnerability have not been found in the Play Store.

Compared with Google Play, which is officially censored, the sideloading behavior of installing APK from third-party websites is higher risk. Not only does it lack pre-scanning, but it also cannot automatically obtain patches subsequently released by Unity and developers.

Unity has begun making patching tools available to partners and plans to update its guidance publicly next week. Before the patch is fully implemented, players can take four methods to protect their crypto assets:

  • Update games and systems at any time
  • Avoid downloading APKs from unknown sources
  • Check and close unnecessary permissions, such as overlaying on other applications
  • Separate devices that store large amounts of crypto assets from mobile phones used to play games
Label:
policy
share:
FB X YT IG
transfer009@Sandra

transfer009@Sandra

Blockchain and cryptoassets editor, focusing onpolicyDomain content analysis and insights

Comment (10)

Leah
Leah 88days ago
Looking forward to more explorations of the combination of technology and business.
Delilah
Delilah 88days ago
The views are solid and worthy of long-term attention.
Kylie
Kylie 88days ago
Find the right balance between compliance and innovation.
Isaac
Isaac 88days ago
There are many interoperability standards, which may form new silos.
Kyson
Kyson 88days ago
What are cold wallets and hot wallets?
Jack
Jack 88days ago
Good point, I support it.
Alice
Alice 88days ago
At present, the industry bubble has reduced and the value has returned.
Alexander
Alexander 89days ago
Agreed, user growth is more important than technical narrative.
Blythe
Blythe 108days ago
If the private key is lost, will the assets never be recovered?
Jasper
Jasper 110days ago
The current pace of industry development is accelerating.

Add comment

Related content

U.S. SEC Chairman: We are planning an

U.S. SEC Chairman: We are planning an "innovation exemption" for DeFi protocols and should not be punished for malicious use by others

2026-04-03
Trust Wallet suffered a major security vulnerability! Do not import mnemonic phrases and upgrade to 2.69 as soon as possible, at least $6 million has been stolen

Trust Wallet suffered a major security vulnerability! Do not import mnemonic phrases and upgrade to 2.69 as soon as possible, at least $6 million has been stolen

2026-04-03
Lao Gao talks about

Lao Gao talks about "Bybit theft and North Korean hackers": The transaction address is garbled and difficult to identify, and it is to blame that the multi-signature personnel did not confirm it

2026-04-03
Do Kwon pleads guilty to fraud: I deceived investors who bought UST/LUNA, I’m very sorry...I hope to get a substantial reduction in sentence

Do Kwon pleads guilty to fraud: I deceived investors who bought UST/LUNA, I’m very sorry...I hope to get a substantial reduction in sentence

2026-04-03
New developments in the JPEX fraud case》Hong Kong police prosecuted 16 people involved in the case, and two masterminds are still at large

New developments in the JPEX fraud case》Hong Kong police prosecuted 16 people involved in the case, and two masterminds are still at large

2026-04-03
Software company CFO misappropriated $35 million of customer funds to gamble on DeFi and lost it all

Software company CFO misappropriated $35 million of customer funds to gamble on DeFi and lost it all

2026-04-03

Popular content

SEC Commissioner Hester Peirce: NFT royalties do not constitute securities

SEC Commissioner Hester Peirce: NFT royalties do not constitute securities

2026-04-03
 Bybit's 500,000 ETH stolen were all washed away and turned into hidden selling pressure? CEO issued an announcement clarifying: 77% of cash flow can be traced

Bybit's 500,000 ETH stolen were all washed away and turned into hidden selling pressure? CEO issued an announcement clarifying: 77% of cash flow can be traced

2026-04-03
 Hong Kong Securities and Futures Commission warns: FoFund, Fo Coin, and Taohuayuan NFT are

Hong Kong Securities and Futures Commission warns: FoFund, Fo Coin, and Taohuayuan NFT are "suspicious products" and investors need to be careful

2026-04-03
 Ledger founder kidnapped for 48 hours》David Balland and his wife rescued! 10 suspects arrested, encryption ransom frozen

Ledger founder kidnapped for 48 hours》David Balland and his wife rescued! 10 suspects arrested, encryption ransom frozen

2026-04-03
 About 60 BTC stolen from Odin.fun! The founder admits that he “doesn’t have enough funds to compensate” for pointing out Chinese hackers

About 60 BTC stolen from Odin.fun! The founder admits that he “doesn’t have enough funds to compensate” for pointing out Chinese hackers

2026-04-03
 White House Crypto Czar David Sacks: Confident that the “Crypto Market Structure Act” will be passed this year, which will provide regulatory clarity to the industry

White House Crypto Czar David Sacks: Confident that the “Crypto Market Structure Act” will be passed this year, which will provide regulatory clarity to the industry

2026-04-03

Related sections

market analyze technology policy

Popular content

rent trx energy TRON Energy Exchange TRX Exchange TRX Energy Rental Energy Source TRX Energy Market Fee Free USDT Transfer TRON Energy Leasing Energy Pool Integration Energy Pool Agency rent tron energy tron energy for transfer Low-Cost Energy Energy Platform Integration tron transaction energy trx energy service buy trx energy TRX Energy Agency Direct Source Energy Pool tron energy service