US Arrests Hacker Who Stole $220K in Cryptocurrency via Malicious Steam Games

Photo: Tom's Hardware
Quick answer
The US has detained the organizer of a cybercriminal group that distributed malware through Steam games. Hackers infected 8,000 devices and stole $220,000.
US federal agents have arrested 21-year-old Zyair Wilkins of North Lauderdale, Florida, on charges of orchestrating a cybercriminal scheme. According to case materials, he was involved in distributing malware through a popular digital game distribution platform. The malicious code was embedded in eight games, including BlockBlasters, Dashverse, and PirateFi, resulting in the infection of approximately 8,000 devices.
Investigators report that the criminals stole at least $220,000 from around 80 cryptocurrency wallets between May 2024 and February 2026. Wilkins, operating under the pseudonym Sibel.eth, allegedly financed and promoted the malware rather than developing it. The FBI linked him to a $10,000 purchase of a remote access trojan and communications about methods to deceive victims.
The criminals promoted the infected games through Discord*, Telegram, X*, and LinkedIn*, and used bots to identify users with substantial cryptocurrency assets. The attack’s success rate was about 1%: out of 8,000 infected devices, funds were stolen from 80 victims. Among those affected was a streamer who lost $32,000 raised for cancer treatment.
Investigators determined that the stolen bitcoins were converted into gift cards via Bitrefill. Over 150 cards were used for Uber Eats orders linked to Wilkins’ addresses. A search of his home uncovered devices and seed phrases for cryptocurrency wallets, including Monero. The total transaction amount tied to the suspect exceeded $382,000.
Wilkins faces up to 10 years in prison. Valve, the company that owns the Steam platform, has not yet commented on the incident. In the past two years, Steam has repeatedly seen cases of malware distribution through games, including an incident involving the game Chemia Early Access, which contained three strains of malicious software.
*** The social network LinkedIn is banned in the Russian Federation.
**** The messenger Discord is banned in the Russian Federation.
Common questions
- Which games were used to distribute the malware?
- The attackers embedded malicious code in games such as BlockBlasters, Dashverse, Lunara, and PirateFi, distributed via the Steam platform. These games were identified by the FBI as primary infection vectors.
- How did the hackers manage to steal cryptocurrency?
- Cybercriminals used a remote access trojan (RAT) to deceive victims into confirming transactions that drained funds from their wallets. The attacks targeted users with significant cryptocurrency holdings.
- What are the potential consequences for the accused?
- Suspect Zyair Wilkins faces up to 10 years in prison if convicted of conspiracy to commit data theft for financial gain.
Dzen feed: /feed/dzen.xml · RSS: /feed.xml