Steam games are supposed to install entertainment. Prosecutors say Zyaire Wilkins used fake titles on Steam to install malware that helped drain crypto wallets.
The FBI arrested Wilkins, a 21-year-old Florida resident and student, on Tuesday after prosecutors accused him and unnamed co-conspirators of publishing malware-laced games on Valve’s PC games platform, according to TechCrunch. Authorities allege the Steam malware scheme infected around 8,000 victims, compromised around 80 cryptocurrency wallets, and stole at least $220,000 worth of crypto.
FBI arrests Zyaire Wilkins over alleged Steam malware games that stole crypto
Prosecutors said Wilkins and others published several fake or malicious games over the past two years, including BlockBlasters, Dashverse, Lampy, Lunara, and PirateFi. The games were allegedly designed to look legitimate enough that users could install and play them.
That was the hook. The hidden payload, prosecutors allege, was malware built to infect computers, steal passwords and other data, and drain crypto wallets.
The complaint targets Wilkins’ alleged conduct, not ordinary Steam publishing or game development. Still, the case puts Steam at the center of a sharp security question: how did games carrying malware reach users through a familiar storefront?
Local 10 News, citing a 15-page federal criminal complaint, reported that Wilkins is from North Lauderdale, Florida, and that the case is being prosecuted in Seattle federal court. The complaint said Wilkins and others allegedly “gained unauthorized access to approximately 80 cryptocurrency wallets and stole cryptocurrencies worth at least $220,000” by launching eight games embedded with malware and infecting approximately 8,000 individual customers.
“After their victims downloaded the games, the conspirators used the malware to access and steal private user data and credentials,” the complaint states, according to Local 10 News.
Authorities said the games were marketed through Discord, LinkedIn, and Telegram, according to TechCrunch. Local 10 News also reported that the complaint named X among the platforms used to promote the games.
Wilkins’ lawyer did not respond to TechCrunch’s request for comment. According to the complaint, Wilkins refused to speak or answer questions after agents searched his residence.
Fake Steam games expose the trust gap crypto thieves can exploit
The expectation is simple: a user downloads a game from a known PC storefront and gets a game. Prosecutors say the reality in this case was different: some downloads allegedly carried malware that turned entertainment software into a path toward stolen credentials and crypto theft.
That gap matters because crypto theft does not require every infected user to hold meaningful assets. A broad infection base gives attackers more chances to find the smaller subset with wallets worth targeting. In this case, prosecutors allege around 8,000 infections led to around 80 hacked crypto wallets.
The alleged Steam malware campaign also shows why attackers benefit from blending into normal consumer behavior. A fake game promoted on chat and social platforms can look less suspicious than a random executable file sent directly to a victim.
The before-and-after is stark:
- Assumption: A listed game is mainly a consumer product.
- Allegation: Several listed games secretly carried malware.
- Assumption: Marketing on Discord or Telegram is normal game promotion.
- Allegation: Those channels helped drive victims toward infected downloads.
- Assumption: Only a few victims need to matter.
- Reality alleged by prosecutors: Thousands of infections can create enough reach to find dozens of crypto wallets.
This fits a broader pattern XOOMAR readers already know: crypto theft often rewards attackers who get close to private credentials rather than trying to break blockchains themselves. That is why our coverage of Fake Oracle Profits Drain $18M in Ostium Exploit sits in the same risk category for investors, even though the alleged Wilkins case centers on malware-distributed games rather than a DeFi exploit.
The Steam angle is the sharper consumer-security issue. Valve has removed several games from its platform over the last year after they were found to contain malware, including PirateFi, according to TechCrunch. The source material does not say whether Valve has commented on this complaint.
Gift cards, Uber Eats, and the alleged trail to Sibel.eth
Investigators say they identified a specific crypto account involved in the scheme and traced payments from that account to gift card purchases. Those included Uber Eats gift cards, according to TechCrunch.
After subpoenaing Uber, federal agents found the gift cards were tied to an account that made deliveries to Wilkins, who allegedly used the online nickname Sibel.eth. Local 10 News reported that authorities traced cryptocurrency payments to Bitrefill, an online service used to buy more than 150 digital gift cards, predominantly for Uber Eats.
That detail gives the complaint its most concrete attribution thread. The alleged path runs from crypto payments, to gift cards, to delivery records, to Wilkins.
Agents then obtained a search warrant for Wilkins’ residence. They seized his MacBook laptop, cellphones, other devices, digital wallets, and, according to Local 10 News, multiple devices and three cryptocurrency wallet seed phrases.
Local 10 News also reported that the complaint says Wilkins used Sibel.eth on Signal to communicate with the “primary developer” of the programs. That person was not identified in the complaint.
Federal law enforcement is already a major thread across XOOMAR’s breaking coverage, including Trump’s FBI Line Deepens Lindsey Graham Death Furor. Here, the FBI’s role is narrower but technically dense: connecting alleged malware distribution, blockchain activity, subpoenaed platform data, and seized devices.
Court filings and Steam safeguards now become the pressure points
Wilkins faces a charge of conspiracy to obtain information by computer for private financial gain, a charge that could carry up to 10 years in prison, according to Local 10 News. Federal court records cited by the outlet showed he was scheduled to appear in Fort Lauderdale federal court on Wednesday morning.
The next filings matter. They could clarify whether prosecutors add counts, whether more alleged co-conspirators are named, and how much evidence investigators recovered from seized devices and wallets.
For Steam users, the practical risk is more immediate. Anyone who downloaded BlockBlasters, Dashverse, Lampy, Lunara, PirateFi, or other titles named by investigators should treat the machine as potentially compromised.
Concrete steps, grounded in the alleged behavior described in the complaint:
- Scan: Run reputable security tools on any device that installed the named games.
- Separate: Move crypto activity to a clean device and a clean wallet if compromise is suspected.
- Rotate: Change passwords tied to exchanges, email accounts, and wallet services from an uncompromised device.
- Revoke: Review and revoke risky wallet permissions tied to accounts that may have been exposed.
- Report: The FBI previously asked people who downloaded the malicious games to come forward and provide evidence.
The unresolved issue is not whether malware can hide in software downloads. Prosecutors allege it already did here. The watch item is whether court records show how these games passed through Steam long enough to reach thousands of users, and whether Valve changes review or warning procedures after the Wilkins case moves forward.
Impact Analysis
- The case shows how malware can reach users through familiar platforms that appear trustworthy.
- Crypto wallet users face heightened risk when installing unverified games or software.
- The allegations could increase pressure on Steam and other marketplaces to strengthen malware screening.
Originally published on XOOMAR. For more news and analysis, visit XOOMAR.
Top comments (0)