CYNTRI AIAutonomous DeFi
🔍SEARCH
THE BODY COUNT
THE RAP SHEET·🎮

He Hid Crypto-Stealing Malware in Steam Games, One Victim Lost $32K Live on a Cancer Stream

The games looked real. They passed Steam's approval, downloaded like anything else, and ran. Then they emptied your wallet. Zyaire Wilkins and his crew allegedly infected 8,000 machines through eight fake games - and one victim watched $32,000 vanish live on stream while raising money for cancer treatment.

S
SYNTH·The Rap Sheet
He Hid Crypto-Stealing Malware in Steam Games, One Victim Lost $32K Live on a Cancer Stream - CMZ investigation
Zyaire Wilkins, 21, hid crypto-stealing malware in eight Steam games, draining $220K in crypto.

Every crypto security guide tells you the same things. Do not click phishing links. Do not connect your wallet to sketchy sites. Do not sign transactions you do not understand. Nobody tells you not to download a video game from Steam, because that is supposed to be the safe part. Valve reviews the titles. They appear in the store like any other game. You install, you launch, you play. Zyaire Wilkins and his crew allegedly turned that assumption into a weapon.

On July 14, 2026, the FBI arrested Zyaire Dontaevious Zamarion Wilkins, a 21-year-old student from North Lauderdale, Florida. The next day, prosecutors charged him and a group of unnamed co-conspirators in a 15-page federal complaint with conspiracy to obtain information by computer for private financial gain - a Computer Fraud and Abuse Act count that carries up to ten years in prison. The scheme he is accused of running is one of the more unsettling crypto-theft operations documented, not because of the amount, but because of where it hid.

Between May 2024 and February 2026, the group allegedly published at least eight video games loaded with malware. The titles read like a shelf of forgettable indie games: BlockBlasters, Chemia, Dashverse, DashFPS, Lampy, Lunara, PirateFi, and Tokenova. Each one appeared legitimate. Each one made it onto the platform, which the complaint coyly refers to only as a "popular digital distribution software company" but which the FBI's own March victim-notice named directly as Steam. Once a player installed and launched the game, the malware went to work behind the gameplay, harvesting browser credentials, saved passwords, authentication tokens, and cryptocurrency wallet data. The stolen information was then combed for anything that could unlock a victim's crypto, and the accounts were drained.

CyntriAI
PREDICTIVE DEFI
Stop chasing yields across five chains.
Cyntri AI agents predict, execute, and rebalance your DeFi positions using advanced predictive models.
ETHSOLARBBASEOP
Read the Whitepaper
cyntriai.org
A Cyntri AI Project

The malware was not homemade junk. Investigators tied the campaign to a threat actor known as EncryptHub and to established info-stealer strains - Vidar, HijackLoader, and a custom tool called Fickle Stealer. This was a real operation with real tooling, marketed like a real product. The group advertised the games across Discord, Telegram, X, and LinkedIn, and, most chillingly, used bots to scan for users who already held large crypto balances, then sent those specific people targeted messages nudging them to download. They were not casting a wide net and hoping. They were hunting.

By the FBI's count, the games infected roughly 8,000 devices, gave the attackers access to about 80 cryptocurrency wallets, and stole at least $220,000.

And then there is the detail that turns this from a cybercrime statistic into something harder to read. One of the victims was a Twitch streamer who was live on air running a fundraiser for cancer treatment. While he streamed, the BlockBlasters malware activated on his machine and drained roughly $32,000 in front of his audience, in real time, mid-fundraiser. The money he was raising to help with medical costs, and his own funds along with it, went to an attacker watching for exactly that kind of balance. That is the human cost buried under the $220,000 headline. Someone lost their cancer-fundraiser money to a fake video game.

Here is the part that should embarrass Wilkins more than the arrest. For all the sophistication of the malware, the way he got caught was almost quaint. He allegedly took his cut of the stolen crypto - reportedly only about 30% of the haul, so he was not even the top of the operation - and did the one thing every laundering guide screams at you not to do. He spent it on things tied to his real identity. Investigators followed the stolen Bitcoin to more than 150 digital gift cards purchased through Bitrefill, and those gift cards were spent on accounts and deliveries - including a pile of Uber Eats orders - linked to his university and his home address. The malware was advanced. The operational security was ordering dinner to his dorm with stolen crypto. He also used the online handle "Sibel.eth," and encrypted Signal messages showed him coordinating with the operation's lead developer. He built a machine to steal invisibly, then left a receipt trail straight to his front door.

The bigger lesson lands on the platform, not the kid. Steam is trusted precisely because it is curated - Valve approves what goes in the store, which is supposed to mean you can install without the paranoia you would bring to a random download. Eight malware-laced games got through that approval anyway, some staying up long enough to infect thousands before Valve pulled PirateFi and BlockBlasters after users reported them. The supply chain everyone trusted had a hole in it, and the attackers found it. As one commenter on the story asked, why does a video game get unrestricted access to your machine at all - why is it not sandboxed away from your browser and your wallet? That is the uncomfortable question the case leaves open. The malware did not break into anything. It was invited in, wearing a game.

Wilkins is presumed innocent, and the complaint is an allegation, not a conviction. But the case is a marker for a shift crypto thieves have already made. The frontier is not always a clever smart-contract exploit. Sometimes it is a boring-looking indie game, approved by the store you trust, hunting the exact people with the most to lose.

The Aftermath

Wilkins was charged in a 15-page federal complaint and faced up to 10 years in prison; he is presumed innocent, and the unnamed co-conspirators - including the operation's lead developer he allegedly coordinated with over Signal - had not been charged as of the filing. The case is the first arrest tied to the FBI's broader Steam malware investigation, which began publicly in March 2026. Valve had already removed the flagged titles including PirateFi and BlockBlasters. The episode intensified scrutiny of how malicious software passed platform review and reached thousands of users, and revived long-standing questions about why games receive broad access to a user's system rather than running in a sandbox isolated from browsers and wallets. Investigators continued tracing the stolen funds and pursuing the remaining members of the group.

LESSONS LEARNED

!The trusted supply chain is now an attack surface. Users install Steam games without the paranoia they bring to random downloads, precisely because the store is curated. Eight malware-laced games passed that curation anyway - the malware did not break in, it was invited in wearing a game.
!Targeted beats broad. The group used bots to find users who already held large crypto balances and messaged those specific people. Modern crypto theft is not a wide net; it is a hunt for the wallets with the most in them.
!Advanced malware plus amateur laundering equals an arrest. Wilkins allegedly built a sophisticated info-stealer operation, then spent the proceeds on gift cards and Uber Eats tied to his own home and university. The blockchain remembered every hop straight back to his door.

COMMENTS

CMZ
END OF FILE
Filed under The Rap Sheet