Fri 17 Jul 2026 / 14:11 ET
Kernel
Hardware 3 min read

Florida man charged in crypto theft tied to malware-laced Steam games

The FBI says eight infected games reached about 8,000 devices and drained at least $220,000 from roughly 80 cryptocurrency wallets.

Mara Chen-Doyle

By Mara Chen-Doyle / Staff Writer

Florida man charged in crypto theft tied to malware-laced Steam games
img: Tom's Hardware

Federal agents have arrested Zyaire Dontaevious Zamarion Wilkins, a 21-year-old from North Lauderdale, Florida, in a cryptocurrency theft case tied to malware hidden in video games, according to a criminal complaint first reported by WPLG Local 10.

The FBI says Wilkins took part in a scheme that planted malicious code in eight games, infected about 8,000 devices, and stole at least $220,000 from roughly 80 cryptocurrency wallets between May 2024 and February 2026. He was charged with conspiracy to obtain information by computer for private financial gain.

The complaint does not name the storefront, referring only to a “popular digital distribution software company.” The games listed in the filing, including BlockBlasters, Dashverse, Lunara, and PirateFi, match titles the FBI named in March when it asked victims of infected Steam games to come forward.

The case is being handled in federal court in Seattle, near Valve’s headquarters in Bellevue, Washington. Wilkins’ arrest is the first public arrest reported in the investigation.

What prosecutors say happened

Investigators do not accuse Wilkins of writing the malware. According to WPLG Local 10’s account of the complaint, agents say he helped pay for and promote the operation. Agents had already searched the home of an unnamed developer who allegedly built the programs, WPLG reported.

Signal messages seized during that search allegedly connected Wilkins, using the handle Sibel.eth, to a $10,000 purchase of a remote access trojan. The messages also discussed getting victims to approve cryptocurrency transactions that would empty their wallets, according to the complaint as described by WPLG.

A remote access trojan gives an attacker control or visibility over a compromised computer. In a crypto theft, that can be enough to watch wallet activity, steal credentials, or interfere when a victim signs a transaction. The complaint’s theory is more specific: the conspirators allegedly pushed victims into approving transfers themselves, which is a dreary reminder that “confirm” buttons are security boundaries until someone tricks a user into clicking them.

The unnamed developer has not been charged, according to the complaint as reported by WPLG.

How the trail led to Wilkins

The FBI says the conspirators advertised the infected games on Discord, Telegram, X, and LinkedIn. They also used bots to identify people with large cryptocurrency holdings and contact them directly, according to the complaint.

That targeting helps explain the numbers. About 8,000 devices were infected, while about 80 wallets were drained, a conversion rate of around 1%. Security researchers ZachXBT and vx-underground previously estimated that BlockBlasters alone stole more than $150,000 from between 261 and 478 victims, including $32,000 in cancer treatment donations taken from a Twitch streamer in September 2025.

Investigators say they traced stolen Bitcoin to Bitrefill, a service that sells gift cards. More than 150 gift cards were bought with funds from the scheme’s Bitcoin wallet, according to agents, and most were spent through Uber Eats.

An Uber subpoena tied those cards to an account receiving deliveries at Wilkins’ family home and at his University of West Florida addresses, according to the complaint. When agents searched the North Lauderdale home a week before the arrest, they seized several devices and three cryptocurrency wallet seed phrases, including one for a Monero wallet. The complaint says Wilkins’ transaction history showed $382,000 in cryptocurrency sent or received.

Wilkins faces up to 10 years in prison if convicted. He was scheduled to appear in federal court in Fort Lauderdale on July 15. Valve had not responded to WPLG Local 10’s request for comment as of publication.

This story draws on original reporting from Tom's Hardware.

More Hardware/

view all ↗