Federal prosecutors have charged 21-year-old Florida resident Zyaire Wilkins with running a two-year scheme that hid crypto-stealing malware inside legitimate-looking video games on Steam, the FBI said.
A federal criminal complaint alleges Wilkins and unnamed co-conspirators uploaded multiple titles to the platform, including BlockBlasters, Dashverse, Lampy, Lunara and PirateFi. The games functioned normally on the surface but secretly installed malware that siphoned passwords, personal data and cryptocurrency from victims' machines. Prosecutors say the operation infected roughly 8,000 computers, compromised around 80 crypto wallets, and netted at least $220,000 in stolen digital assets, with promotion handled through Discord, LinkedIn and Telegram.
Why it matters
Steam-hosted malware is a recurring supply-chain vector: a single trojanized title can reach the install base of any game that briefly trends on the storefront's discovery feeds. Wrapping credential stealers and wallet drainers inside a playable shell lowers the bar for victims who would never execute an obvious phishing binary. The complaint also highlights how off-ramps for stolen crypto remain a weak link: investigators traced on-chain flows to gift-card purchases, including Uber Eats deliveries tied back to Wilkins before his arrest and the seizure of his devices and wallets.
Market impact
The case lands in the same enforcement lane as prior DOJ and FBI actions targeting Steam and Discord as distribution infrastructure for information stealers such as RedLine, Raccoon and LummaC2, several of which have been disrupted by international takedowns this year.
Frequently asked questions
-
Who was arrested and what are they accused of?
Zyaire Wilkins, a 21-year-old Florida resident and student, was charged in a federal criminal complaint with allegedly publishing malware-laced video games on Steam that stole passwords, personal data and cryptocurrency from victims over a two-year period.
-
Which Steam games were named in the complaint?
The complaint lists BlockBlasters, Dashverse, Lampy, Lunara and PirateFi as titles allegedly published by Wilkins and unnamed co-conspirators. The games appeared functional but secretly installed credential-stealing malware.
-
How many victims and how much was stolen?
The FBI alleges the operation infected about 8,000 computers, compromised roughly 80 crypto wallets, and resulted in at least $220,000 in stolen digital assets.
-
How did investigators link the stolen crypto to Wilkins?
Prosecutors say they traced cryptocurrency transactions from the scheme to gift-card purchases, including Uber Eats gift cards linked to deliveries made to Wilkins. Agents later searched his residence and seized electronic devices and digital wallets.
-
How does this fit the broader Steam malware trend?
Steam-hosted games have been a recurring distribution channel for info-stealers such as RedLine, Raccoon and LummaC2, several of which faced international law enforcement takedowns this year. The Wilkins case follows the same supply-chain playbook of wrapping credential and wallet stealers inside playable titles…
WatcherGuru