NFL Rivals
Cyrex partnered with Mythical to conduct penetration testing for NFL Rivals, securing its Unity-based multiplayer systems and marketplace integration to protect digital collectibles, in-game currency, and competitive gameplay integrity.
The Challenge
Securing a Unity Multiplayer Title with Digital Collectibles
NFL Rivals is a Unity-powered, arcade-style football game built around competitive multiplayer and digital ownership. Players unlock football superstars and digital collectibles through Mythical’s Marketplace, using in-game currency (Credits) to purchase player cards and packs.
The integration between the game and Mythical’s evolving marketplace ecosystem introduced a complex security surface.
Critical areas included:
- Authentication and account protection
- Secure handling of in-game currency (Credits)
- Marketplace-linked digital collectible purchases
- Validation of rewards and progression systems
- Multiplayer systems including leagues and squads
Because player progression and digital asset ownership intersect, vulnerabilities in transaction handling or gameplay validation could impact both competitive balance and user trust. With multiple marketplace iterations planned, Mythical required a penetration testing partner capable of validating the security of both gameplay systems and integration logic.
The Cyrex Solution
Targeted Penetration Testing Across Gameplay & Marketplace Systems
Cyrex conducted comprehensive penetration testing of NFL Rivals, focusing on core multiplayer features and marketplace-connected systems.
Our security engineers evaluated the application with an attacker mindset, testing both gameplay logic and economic flows for exploit opportunities.
Multiplayer & Core Gameplay Assessment
The engagement included testing of:
- Matchmaking systems
- Authentication and registration flows
- Leagues system
- Squad (clan) functionality
- Chat features
- Events and campaigns
- Team management logic
- Achievement and reward systems
Each component was assessed for improper trust assumptions, validation gaps, and logic flaws that could impact fairness or progression.
Marketplace & Currency Validation
Given the integration with Mythical’s Marketplace, Cyrex evaluated:
- Handling of in-game currency (Credits)
- Validation of player card purchases
- Integrity of digital collectible transactions
- Protection of financial and account-related data
The objective was to ensure that transactions between the game and marketplace were properly validated and resistant to tampering or manipulation.
Collaborative Remediation
Following vulnerability identification, Cyrex worked directly with Mythical’s security engineers to provide structured remediation guidance.
This collaborative approach ensured:
- Rapid mitigation of identified issues
- Alignment with Mythical’s development roadmap
- Reinforced security across evolving marketplace versions
The engagement strengthened the security foundation of NFL Rivals while maintaining development velocity.
The Outcome
Reinforced Competitive Integrity & Secure Digital Ownership
- Identification and remediation of gameplay and transaction-related vulnerabilities
- Strengthened authentication and account protection
- Improved validation of in-game currency and digital collectibles
- Increased confidence in marketplace integration security
Client Feedback
Mythical
“It was a pleasure working with the security team. They are extremely knowledgeable, capable, and very flexible; partnering with us and adjusting processes and communication to suit our needs. We are very much looking forward to an ongoing relationship between our teams.”
Don't Let Players Find the Weakness
Your launch is months away. Hackers will find exploits in hours. Let our engineers secure your game before it's too late.
Response time: <24 hours • NDA included • No commitment required