Fake Steam Game Turns Into Crypto Heist Stealing Over $150,000 From 400 Players

Steam Stores Malicious Game That Stole Over $150,000 in Crypto

A seemingly innocent game on Steam turned into a major security threat, draining crypto wallets of hundreds of players and exposing vulnerabilities in one of the world’s largest digital gaming platforms.

“Block Blasters,” a free-to-play 2D platformer, secretly included malware that siphoned at least $150,000 in cryptocurrency before the game was removed.

How a Fake Game Became a Crypto Heist

Block Blasters was published by Genesis Interactive and initially appeared on Steam on 30 July.

For over a month, it ran hidden executables targeting players’ wallets.

The malware went unnoticed despite the game receiving more than 200 “very positive” reviews.

On 30 August, the cryptodrainer component was added, quietly activating on users’ systems.

Malware tracker vx-underground revealed that the game even tried to lure streamers into promoting it through spearphishing campaigns promising compensation.

Streamer Hit by Massive Losses Sparks Investigation

The scheme came to public attention when Latvian streamer Raivo Plavnieks, known as Rastaland.TV, lost $31,189 after downloading the game.

Plavnieks, 26, is battling stage 4 high-grade sarcoma and had been raising funds via his Solana-based token, Help Me Beat Cancer (CANCER), to cover treatment costs.

He wrote on X,

“I can't breathe, I can't think, I'm completely lost on what is going to happen next. Can't shake the feeling that it is my fault that I might end up on the street again or not have anything to eat in [a] few days.”

The crypto community quickly rallied, boosting Plavnieks’ token by 3,000% to a $2.5 million market cap and helping replace lost funds.

Well-known pseudonymous crypto investigator ZachXBT joined forces with other researchers to track the perpetrators and analyse how the attack bypassed Steam’s security.

Malware Traced Back to AI-Generated Code

Experts examining Block Blasters noted the malware bore hallmarks of AI-generated code, which allowed investigators to dissect it effectively.

Despite minimal technical skill from the attackers, the malware successfully circumvented Steam’s security protocols and targeted vulnerable users.

Steam Faces Criticism Over Platform Security

The incident has raised serious questions about Steam’s vetting process.

ZachXBT called out Valve for hosting the malicious title for several weeks, while malware researcher vx-underground estimated around 907 devices were infected, although duplicates suggest roughly 400 victims.

Attackers Showed No Remorse

Investigators noted the attackers were unsympathetic when confronted, telling Plavnieks he would “make it all back” and offering no immediate restitution.

One pseudonymous security researcher stated,

“I think with such a heinous crime as stealing from society's most vulnerable, we can set aside differences and use our skills for the greater good.”

Community Support Helps Victim Recover

Beyond token support, Plavnieks received direct financial donations, including $32,500 from crypto influencer Alex Becker.

He has reported the attack to authorities, switched the wallet for creator rewards, and plans to replace his computer’s SSD.

Plavnieks wrote,

“Thank you all from the bottom of my heart. Me, my brothers, and my mom are completely left without words on all the support we have received [over the] past 24 hours after the hack happened. [...] Words will never express how thankful me and my family are. I hope we can express it in some way or another to you all soon!”

Could Steam’s Vetting Process Allow More Malicious Games?

Block Blasters is the latest in a string of malicious titles removed from Steam, including PirateFi, Sniper: Phantom’s Resolution, and Chemia.

While Valve swiftly removed the game on 21 September after public exposure, the incident demonstrates that even major platforms remain susceptible to complex malware attacks targeting the crypto community.