Chain Era

Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

đŸ‘€ kmquy@Sandra 📅 2026-04-02 18:09:31

The Unity engine has discovered a program vulnerability that has existed since 2017, which may lead to the leakage of cryptocurrency wallets. Because more than 70% of popular mobile games are built with Unity, it has caused panic among players.
(Preliminary summary: The Steam game of a live cancer player had his encrypted wallet hacked, and Valve urgently removed the hidden Trojan game)
(Background supplement: OpenAI helps create animated kmquys! Musk does not lose: xAI and "Star Wars Eve" discuss cooperation in AI game development)

The existence of the Unity engine can be traced back to 2017 The "in-process code injection" vulnerability in 2016 affected about 70% of the world's most popular mobile games. Hackers can gain access to Android, Windows, macOS and Linux systems through infected games and steal crypto wallet mnemonics or private keys. According to Cointelegraph, although the vulnerability has been confirmed, Google pointed out that the Play Store has "not detected" actual criminal cases.

Vulnerability scope and attack paths

Unity dominates the mobile game market, with more than 50% of new games built on it, making it possible for vulnerabilities to spread to a large number of players. Hackers can plant malicious code inside the application and then induce a fake login screen to trick users into entering their wallet password through overlay attacks, input capture or screenshots. However, the Google APP team said:

Based on our current detection, malicious apps that exploit this vulnerability have not been found in the Play Store.

Compared with Google Play, which is officially censored, the sideloading behavior of installing APK from third-party websites is higher risk. Not only does it lack pre-scanning, but it also cannot automatically obtain patches subsequently released by Unity and developers.

Unity has begun making patching tools available to partners and plans to update its guidance publicly next week. Before the patch is fully implemented, players can take four methods to protect their crypto assets:

  • Update games and systems at any time
  • Avoid downloading APKs from unknown sources
  • Check and close unnecessary permissions, such as overlaying on other applications
  • Separate devices that store large amounts of crypto assets from mobile phones used to play games
Label
policy
share
FB X YT IG
kmquy@Sandra

kmquy@Sandra

Blockchain and cryptoassets editor, focusing onpolicyDomain content analysis and insights

Comment (10)

Logan
Logan 86days ago
At present, blockchain is moving towards mainstream vision.
Harold
Harold 86days ago
If there are loopholes in the smart contract, can it be upgraded and repaired?
Drew
Drew 86days ago
I hope more people can see this kind of rational analysis.
Sophia
Sophia 86days ago
Is the difference between NFT and ordinary pictures only in the contract?
Frances
Frances 86days ago
In the future, the integration between on-chain and off-chain will be closer.
Grayson
Grayson 86days ago
At present, blockchain still needs to solve experience problems.
Max
Max 95days ago
It is rare that the issue of energy consumption is objectively discussed.
Phoenix
Phoenix 101days ago
In DeFi’s Lego portfolio, the underlying risks are superimposed and hidden.
Anna
Anna 105days ago
What does "confirmation number" mean on the blockchain browser?
Florence
Florence 112days ago
There are still opportunities for innovation in the market.

Add comment

Related content

The truth behind the collapse of the world’s sixth-largest “LuBian Roadside Mining Pool” is exposed: 127,000 Bitcoins were stolen, now worth US$14.5 billion (untouched in five years)

The truth behind the collapse of the world’s sixth-largest “LuBian Roadside Mining Pool” is exposed: 127,000 Bitcoins were stolen, now worth US$14.5 billion (untouched in five years)

2026-04-02
South Korea’s health insurance executive embezzled 4.6 billion won in public funds and lost all money by “playing with cryptocurrency contracts”! Sentenced to 15 years

South Korea’s health insurance executive embezzled 4.6 billion won in public funds and lost all money by “playing with cryptocurrency contracts”! Sentenced to 15 years

2026-04-02
Bybit's 500,000 ETH stolen were all washed away and turned into hidden selling pressure? CEO issued an announcement clarifying: 77% of cash flow can be traced

Bybit's 500,000 ETH stolen were all washed away and turned into hidden selling pressure? CEO issued an announcement clarifying: 77% of cash flow can be traced

2026-04-02
Only sentenced to 3 years of probation! The 31-year-old lawyer's father is a judge, and he collaborated with the evil rich second generation to

Only sentenced to 3 years of probation! The 31-year-old lawyer's father is a judge, and he collaborated with the evil rich second generation to "defraud 400 million" and celebrated their success by taking drugs and having a sex party

2026-04-02
If you don’t give me Bitcoin, I’ll blow up the building! Hyundai Group headquarters received a bomb threat email, and the suspect demanded 13 BTC

If you don’t give me Bitcoin, I’ll blow up the building! Hyundai Group headquarters received a bomb threat email, and the suspect demanded 13 BTC

2026-04-02
Trust Wallet suffered a major security vulnerability! Do not import mnemonic phrases and upgrade to 2.69 as soon as possible, at least $6 million has been stolen

Trust Wallet suffered a major security vulnerability! Do not import mnemonic phrases and upgrade to 2.69 as soon as possible, at least $6 million has been stolen

2026-04-02

Popular content

If you don’t give me Bitcoin, I’ll blow up the building! Hyundai Group headquarters received a bomb threat email, and the suspect demanded 13 BTC

If you don’t give me Bitcoin, I’ll blow up the building! Hyundai Group headquarters received a bomb threat email, and the suspect demanded 13 BTC

2026-04-02
 The SUI on-chain protocol Cetus liquidity pool is suspected of being hacked! The trading pair abnormally plummeted by more than 70%

The SUI on-chain protocol Cetus liquidity pool is suspected of being hacked! The trading pair abnormally plummeted by more than 70%

2026-04-02
 New developments in the JPEX fraud case》Hong Kong police prosecuted 16 people involved in the case, and two masterminds are still at large

New developments in the JPEX fraud case》Hong Kong police prosecuted 16 people involved in the case, and two masterminds are still at large

2026-04-02
 milestone! The United States passes three cryptocurrency bills: GENIUS stable currency, Clarity regulation, and anti-CBDC law sent to Trump for signature

milestone! The United States passes three cryptocurrency bills: GENIUS stable currency, Clarity regulation, and anti-CBDC law sent to Trump for signature

2026-04-02
 Is DAT hype dying? SEC investigates 200 “crypto treasury companies” for insider trading

Is DAT hype dying? SEC investigates 200 “crypto treasury companies” for insider trading

2026-04-02
 SEC Commissioner Hester Peirce: NFT royalties do not constitute securities

SEC Commissioner Hester Peirce: NFT royalties do not constitute securities

2026-04-02

Related sections

market analyze technology policy

Popular content

TRX Energy Agency TRX Energy Flash Rental TG Telegram Energy Robot Setup Buy Tron Energy rent tron energy trx energy platform tron energy rental Fee Free USDT Transfer Energy Agency Cooperation Energy Source TRON Energy Agency TRX Energy Lease & Exchange TRON Energy Sale TRX Energy Purchase Energy Robot Setup Energy Pool Agency TRX Energy Rental TRX Exchange trx energy for transfer trx energy rental