Mobile games threaten to steal cryptocurrency wallets! Unity engine urgently fixes "8-year-old vulnerability"

šŸ‘¤ 02mp@Sandra šŸ“… 2026-07-17 17:30:56

The Unity engine has discovered a program vulnerability that has existed since 2017, which may lead to the leakage of cryptocurrency wallets. Because more than 70% of popular mobile games are built with Unity, it has caused panic among players.
(Preliminary summary: The Steam game of a live cancer player had his encrypted wallet hacked, and Valve urgently removed the hidden Trojan game)
(Background supplement: OpenAI helps create animated 02mps! Musk does not lose: xAI and "Star Wars Eve" discuss cooperation in AI game development)

The existence of the Unity engine can be traced back to 2017 The "in-process code injection" vulnerability in 2016 affected about 70% of the world's most popular mobile games. Hackers can gain access to Android, Windows, macOS and Linux systems through infected games and steal crypto wallet mnemonics or private keys. According to Cointelegraph, although the vulnerability has been confirmed, Google pointed out that the Play Store has "not detected" actual criminal cases.

Vulnerability scope and attack paths

Unity dominates the mobile game market, with more than 50% of new games built on it, making it possible for vulnerabilities to spread to a large number of players. Hackers can plant malicious code inside the application and then induce a fake login screen to trick users into entering their wallet password through overlay attacks, input capture or screenshots. However, the Google APP team said:

Based on our current detection, malicious apps that exploit this vulnerability have not been found in the Play Store.

Compared with Google Play, which is officially censored, the sideloading behavior of installing APK from third-party websites is higher risk. Not only does it lack pre-scanning, but it also cannot automatically obtain patches subsequently released by Unity and developers.

Unity has begun making patching tools available to partners and plans to update its guidance publicly next week. Before the patch is fully implemented, players can take four methods to protect their crypto assets:

  • Update games and systems at any time
  • Avoid downloading APKs from unknown sources
  • Check and close unnecessary permissions, such as overlaying on other applications
  • Separate devices that store large amounts of crypto assets from mobile phones used to play games
Label:
share:
FB X YT IG
02mp@Sandra

02mp@Sandra

Blockchain and cryptoassets editor, focusing onpolicyDomain content analysis and insights

Comment (10)

Dylan 12days ago
At present, the blockchain infrastructure is becoming more and more complete.
Aaron 12days ago
There will be more protocol innovations in the future.
The 12days ago
Support this pragmatic technical discussion.
Isla 12days ago
There will be more innovative protocols emerging in the future.
Caleb 13days ago
The cultural value of NFT is overestimated, and the financial attributes are magnified.
Jack 13days ago
Users don’t care about technology, they only care about whether it is easy to use and whether they make money.
Beryl 13days ago
It is well said that technology is not the purpose, solving problems is.
Harvey 15days ago
Are coin mixers legal?
Rose 16days ago
Does the Metaverse have to be built on the blockchain?
Zachary 41days ago
In the future, blockchain will pay more attention to actual value.

Add comment

Popular content