Crypto Academy

Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

👤 hlosw@Sandra 📅 2026-02-03 21:09:24

The Unity engine has discovered a program vulnerability that has existed since 2017, which may lead to the leakage of cryptocurrency wallets. Because more than 70% of popular mobile games are built with Unity, it has caused panic among players.
(Preliminary summary: The Steam game of a live cancer player had his encrypted wallet hacked, and Valve urgently removed the hidden Trojan game)
(Background supplement: OpenAI helps create animated hlosws! Musk does not lose: xAI and "Star Wars Eve" discuss cooperation in AI game development)

The existence of the Unity engine can be traced back to 2017 The "in-process code injection" vulnerability in 2016 affected about 70% of the world's most popular mobile games. Hackers can gain access to Android, Windows, macOS and Linux systems through infected games and steal crypto wallet mnemonics or private keys. According to Cointelegraph, although the vulnerability has been confirmed, Google pointed out that the Play Store has "not detected" actual criminal cases.

Vulnerability scope and attack paths

Unity dominates the mobile game market, with more than 50% of new games built on it, making it possible for vulnerabilities to spread to a large number of players. Hackers can plant malicious code inside the application and then induce a fake login screen to trick users into entering their wallet password through overlay attacks, input capture or screenshots. However, the Google APP team said:

Based on our current detection, malicious apps that exploit this vulnerability have not been found in the Play Store.

Compared with Google Play, which is officially censored, the sideloading behavior of installing APK from third-party websites is higher risk. Not only does it lack pre-scanning, but it also cannot automatically obtain patches subsequently released by Unity and developers.

Unity has begun making patching tools available to partners and plans to update its guidance publicly next week. Before the patch is fully implemented, players can take four methods to protect their crypto assets:

  • Update games and systems at any time
  • Avoid downloading APKs from unknown sources
  • Check and close unnecessary permissions, such as overlaying on other applications
  • Separate devices that store large amounts of crypto assets from mobile phones used to play games
Label:
policy
share:
FB X YT IG
hlosw@Sandra

hlosw@Sandra

Blockchain and cryptoassets editor, focusing onpolicyDomain content analysis and insights

Comment (10)

Sage
Sage 30days ago
Layer 2 solutions are the most practical path at the moment.
Elodie
Elodie 30days ago
If there are loopholes in the smart contract, can it be upgraded and repaired?
Landon
Landon 30days ago
What does TPS of blockchain mean?
Bess
Bess 30days ago
At present, the industry still needs compliance promotion.
Owen
Owen 30days ago
After reading this, I feel more confident in DAO.
Karen
Karen 30days ago
I hope more people can see this kind of rational analysis.
Mabel
Mabel 33days ago
The content of the article is professional and supports the point of view.
Archie
Archie 36days ago
Why is Ethereum called the "world computer"?
Lucy
Lucy 47days ago
Token economic model design is a big science.
Ethan
Ethan 47days ago
Developer tools and infrastructure are still very unfriendly.

Add comment

Related content

The Democratic Party proposed the

The Democratic Party proposed the "Clean Cloud Act" to require U.S. Bitcoin mining companies and AI computing centers to embrace green energy: achieve zero carbon emissions by 2035

2026-02-03
Should PoS staking rewards be taxed immediately? U.S. couple's dissatisfaction with filing IRS lawsuit becomes the focus of discussion

Should PoS staking rewards be taxed immediately? U.S. couple's dissatisfaction with filing IRS lawsuit becomes the focus of discussion

2026-02-03
Bybit's 500,000 ETH stolen were all washed away and turned into hidden selling pressure? CEO issued an announcement clarifying: 77% of cash flow can be traced

Bybit's 500,000 ETH stolen were all washed away and turned into hidden selling pressure? CEO issued an announcement clarifying: 77% of cash flow can be traced

2026-02-03
The trading platform

The trading platform "Asia-Pacific Eant" BitAsset was involved in mainland-owned operations, and two people in charge were prosecuted

2026-02-03
The

The "Blockchain Regulatory Determination Act" was officially incorporated into the CLARITY Digital Market Clarity Act, and the top ten crypto institutions applauded

2026-02-03
The SEC will transfer lawyers responsible for Ripple and Coinbase litigation. Is the era of crypto-friendliness in the United States really here?

The SEC will transfer lawyers responsible for Ripple and Coinbase litigation. Is the era of crypto-friendliness in the United States really here?

2026-02-03

Popular content

4 people handed over 6 million USDT and were raped!

4 people handed over 6 million USDT and were raped! "Drinking urine and making indecent movies" turned out to be the Bamboo Union Gang gangsters who were trying to take advantage of others

2026-02-03
 Romania blocks Polymarket! Providing gambling services without a license, blockchain is not an umbrella for illegal gambling

Romania blocks Polymarket! Providing gambling services without a license, blockchain is not an umbrella for illegal gambling

2026-02-03
 Musk wants all U.S. civil servants to “explain what they did last week or else they’ll be fired”! All major government agencies ordered: Ignore him

Musk wants all U.S. civil servants to “explain what they did last week or else they’ll be fired”! All major government agencies ordered: Ignore him

2026-02-03
 Haotian: Why was the 15,000 cmETH hacked by Bybit able to be recovered?

Haotian: Why was the 15,000 cmETH hacked by Bybit able to be recovered?

2026-02-03
 SEC Commissioner Hester Peirce: NFT royalties do not constitute securities

SEC Commissioner Hester Peirce: NFT royalties do not constitute securities

2026-02-03
 The U.S. SEC indicted Don Vo, the founder of Bitcoin mining company VBit: he fraudulently raised US$95.6 million and misappropriated US$48.5 million to give gambling gifts.

The U.S. SEC indicted Don Vo, the founder of Bitcoin mining company VBit: he fraudulently raised US$95.6 million and misappropriated US$48.5 million to give gambling gifts.

2026-02-03

Related sections

market analyze technology policy

Popular content

TRON Energy Purchase TRON Energy Agency TRX Energy Exchange TRX Auto Exchange TG Telegram Energy Robot Setup TRON Energy Lease TRX Energy Lease & Exchange TRON Energy Leasing tron energy for transfer tron network energy trx energy Fee Free USDT Transfer Telegram TRX Energy Robot Source Code TRX Energy Market tron transaction energy trx energy platform Free USDT Transfer TRX Energy Flash Rental rent trx energy Energy Pool Agent Recruitment