Federal authorities have taken action against an alleged scheme that used the popular Steam gaming platform as a delivery system for malware designed to empty victims' cryptocurrency wallets. A 21-year-old Florida resident and student, Zyaire Wilkins, now faces hacking-related charges tied to a scheme prosecutors say ran for roughly two years and touched thousands of gamers.

What the FBI Says Happened

According to a criminal complaint, Wilkins and a group of unnamed co-conspirators uploaded a series of fake video games to Steam that looked and functioned like real, playable titles. Underneath that legitimate-looking surface, however, the games carried malicious code built to infiltrate victims' computers, harvest login credentials and other personal data, and ultimately siphon funds out of connected crypto wallets.

The FBI took Wilkins into custody on a Tuesday, and prosecutors filed hacking charges against him and the other alleged participants the following day.

The Games Involved

Court documents identify five titles allegedly used to spread the malware over the two-year span of the operation:

  • BlockBlasters
  • Dashverse
  • Lampy
  • Lunara
  • PirateFi

Each was designed to pass as a normal, installable game, allowing victims to download and even play them while the hidden malware worked in the background.

Scale of the Alleged Damage

Investigators say the malware campaign reached far beyond a handful of unlucky downloads. The complaint alleges roughly 8,000 people were infected in total, and that the group went on to compromise about 80 individual cryptocurrency wallets. Prosecutors put the value of the stolen crypto at a minimum of $220,000.

How the Malware Was Distributed

Getting victims to install the games in the first place required marketing, and prosecutors say the group leaned on mainstream platforms to do it. The complaint describes promotion of the malicious titles across Discord, LinkedIn, and Telegram — channels commonly used by gamers and developers alike, which likely helped the fake titles blend in with legitimate indie releases.

How Investigators Connected Wilkins to the Scheme

The path from a suspicious crypto account to an arrest warrant involved some old-fashioned financial tracing layered on top of the digital investigation. After identifying another individual connected to the operation, federal agents interviewed that person, who reportedly admitted to helping raise money to launch and promote the malicious games in exchange for a cut of the stolen cryptocurrency.

From there, investigators traced a specific crypto account tied to the scheme and followed its transactions to purchases of gift cards, including Uber Eats gift cards. A subpoena to Uber reportedly revealed that those gift cards were linked to an account making deliveries to Wilkins, who allegedly went by the online handle "Sibel.eth."

The Search and Arrest

Armed with that evidence, agents obtained a search warrant for Wilkins' home. The raid reportedly turned up his MacBook laptop, multiple cellphones, additional devices, and digital wallets. Per the complaint, Wilkins declined to answer questions when confronted by investigators. As of now, an attorney representing Wilkins has not responded to a request for comment on the case.

A Pattern Federal Agents Have Been Tracking for Months

This arrest doesn't emerge out of nowhere — it's the latest development in an investigation the FBI publicly acknowledged back in March, when the bureau said it was looking into a hacker suspected of using malware-laced games on Steam to target victims. At the time, the FBI put out a call asking anyone who had downloaded the malicious titles — including several of the same games named in this week's complaint — to come forward with information that could support the case.

Valve's Ongoing Malware Problem

The incident also fits into a broader, recurring issue for Steam's parent company, Valve. Over the past year, Valve has pulled multiple games from its platform after discovering they contained malware, including PirateFi specifically. In each case, the offending titles were built to look authentic enough that users could install and even play them normally, all while malicious code operated undetected underneath.