Star Engine

Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

👤 transfertop@Sandra 📅 2026-04-02 14:20:56

The Unity engine has discovered a program vulnerability that has existed since 2017, which may lead to the leakage of cryptocurrency wallets. Because more than 70% of popular mobile games are built with Unity, it has caused panic among players.
(Preliminary summary: The Steam game of a live cancer player had his encrypted wallet hacked, and Valve urgently removed the hidden Trojan game)
(Background supplement: OpenAI helps create animated transfertops! Musk does not lose: xAI and "Star Wars Eve" discuss cooperation in AI game development)

The existence of the Unity engine can be traced back to 2017 The "in-process code injection" vulnerability in 2016 affected about 70% of the world's most popular mobile games. Hackers can gain access to Android, Windows, macOS and Linux systems through infected games and steal crypto wallet mnemonics or private keys. According to Cointelegraph, although the vulnerability has been confirmed, Google pointed out that the Play Store has "not detected" actual criminal cases.

Vulnerability scope and attack paths

Unity dominates the mobile game market, with more than 50% of new games built on it, making it possible for vulnerabilities to spread to a large number of players. Hackers can plant malicious code inside the application and then induce a fake login screen to trick users into entering their wallet password through overlay attacks, input capture or screenshots. However, the Google APP team said:

Based on our current detection, malicious apps that exploit this vulnerability have not been found in the Play Store.

Compared with Google Play, which is officially censored, the sideloading behavior of installing APK from third-party websites is higher risk. Not only does it lack pre-scanning, but it also cannot automatically obtain patches subsequently released by Unity and developers.

Unity has begun making patching tools available to partners and plans to update its guidance publicly next week. Before the patch is fully implemented, players can take four methods to protect their crypto assets:

  • Update games and systems at any time
  • Avoid downloading APKs from unknown sources
  • Check and close unnecessary permissions, such as overlaying on other applications
  • Separate devices that store large amounts of crypto assets from mobile phones used to play games
Label:
policy
share:
FB X YT IG
transfertop@Sandra

transfertop@Sandra

Blockchain and cryptoassets editor, focusing onpolicyDomain content analysis and insights

Comment (10)

Kairos
Kairos 81days ago
The technology stack will be more complete in the future.
Spencer
Spencer 81days ago
Thanks for the popular science, very friendly to newbies.
Penelope
Penelope 81days ago
Layer 2 solutions are the most practical path at the moment.
Jordan
Jordan 81days ago
The content of the article is informative and supports sharing.
Anna
Anna 81days ago
At present, industry competition has turned to ecological competition.
Layla
Layla 81days ago
What does "confirmation number" mean on the blockchain browser?
Leah
Leah 91days ago
The article is thoughtful and thoughtful, so please like it.
Alden
Alden 92days ago
Agreed, data value on the chain is the key.
Finnegan
Finnegan 96days ago
Technology is good technology, but it has been exploited by too many scams.
George
George 108days ago
The market is still exploring its direction.

Add comment

Related content

Haotian: Why was the 15,000 cmETH hacked by Bybit able to be recovered?

Haotian: Why was the 15,000 cmETH hacked by Bybit able to be recovered?

2026-04-02
Romania blocks Polymarket! Providing gambling services without a license, blockchain is not an umbrella for illegal gambling

Romania blocks Polymarket! Providing gambling services without a license, blockchain is not an umbrella for illegal gambling

2026-04-02
A crypto investor lost RMB 50 million after buying a “backdoor cold wallet” on Douyin

A crypto investor lost RMB 50 million after buying a “backdoor cold wallet” on Douyin

2026-04-02
Japan plans to introduce a

Japan plans to introduce a "separate taxation system" for cryptocurrency: spot, derivatives and ETF transactions will be taxed separately, with a unified tax rate of 20%

2026-04-02
White House Crypto Czar David Sacks: Confident that the “Crypto Market Structure Act” will be passed this year, which will provide regulatory clarity to the industry

White House Crypto Czar David Sacks: Confident that the “Crypto Market Structure Act” will be passed this year, which will provide regulatory clarity to the industry

2026-04-02
SEC Chairman Paul Atkins reiterates the goal of building a

SEC Chairman Paul Atkins reiterates the goal of building a "global cryptocurrency capital": returning to the regulatory mission and promoting Crypto+AI financial innovation

2026-04-02

Popular content

Is DAT hype dying? SEC investigates 200 “crypto treasury companies” for insider trading

Is DAT hype dying? SEC investigates 200 “crypto treasury companies” for insider trading

2026-04-02
 New developments in the JPEX fraud case》Hong Kong police prosecuted 16 people involved in the case, and two masterminds are still at large

New developments in the JPEX fraud case》Hong Kong police prosecuted 16 people involved in the case, and two masterminds are still at large

2026-04-02
 Only sentenced to 3 years of probation! The 31-year-old lawyer's father is a judge, and he collaborated with the evil rich second generation to

Only sentenced to 3 years of probation! The 31-year-old lawyer's father is a judge, and he collaborated with the evil rich second generation to "defraud 400 million" and celebrated their success by taking drugs and having a sex party

2026-04-02
 The truth behind the collapse of the world’s sixth-largest “LuBian Roadside Mining Pool” is exposed: 127,000 Bitcoins were stolen, now worth US$14.5 billion (untouched in five years)

The truth behind the collapse of the world’s sixth-largest “LuBian Roadside Mining Pool” is exposed: 127,000 Bitcoins were stolen, now worth US$14.5 billion (untouched in five years)

2026-04-02
 Haotian: Why was the 15,000 cmETH hacked by Bybit able to be recovered?

Haotian: Why was the 15,000 cmETH hacked by Bybit able to be recovered?

2026-04-02
 Retail investors cry! Brazil cancels cryptocurrency tax exemption and levies a unified income tax of 17.5%

Retail investors cry! Brazil cancels cryptocurrency tax exemption and levies a unified income tax of 17.5%

2026-04-02

Related sections

market analyze technology policy

Popular content

TRX Flash Exchange TRX Energy Agency TRON Energy Sale TRX Energy Rental TRON Energy Exchange Energy Agency Cooperation Free USDT Transfer tron energy TRX Energy Exchange TRX Energy Lease & Exchange Energy Pool Agency Direct Source Energy Pool TRX Purchase Buy Tron Energy trx energy rental tron energy rental trx energy service TRX Energy Leasing Energy Pool Integration tron transaction energy