You don’t seem to understand the issue with self-signed certificates, so allow me to explain.
Generally, when people say “Don’t use self-signed certificates!”, they mean in the context of a web-server, in which you expect the general public to connect via a web server. In such a situation, if a self-signed certificate is used, this will lead to an error message:
Users will naturally want to ignore the warning and proceed – after all, that’s the only way for them to use your website. So if an attacker intercepts the connection and presents his own self-signed certificate, the user would not be able to see that. After all, the error message is seen as a natural part of the process.
Self-Signed Certificates in other settings
Companies usually have a self-signed certificate as a root-certificate for internal services. This certificate is distributed internally (usually via Active Directory) and thus trusted by all clients.
This is a normal setup and works as intended. If an attacker would attempt to intercept the connection, an error would occur, as his certificate would not be trusted.
Self-Signed Certificates for your game
I assume that you have a server, which manages the game state, and a game client (likely a native client). In this situation, there is nothing wrong with using a self-signed certificate. Simply distribute the certificate with the client and keep the private key on the server.
Can the attacker just steal the private key?
Only if your server has a vulnerability, which would allow the attacker to do so. But that risk would also exist with a certificate signed by an external certificate authority.