The game BlockBlasters, which was approved by the Steam platform and remained available to users for over a month, became a means for a large-scale cryptocurrency theft. Since the end of August 2025, after another update, malicious code appeared in the game, allowing attackers to access players’ digital assets.
This is reported by Finway
Scope of the Fraud and Affected Users
Among the victims was Latvian streamer Raivo Plavnieks, known by the pseudonym RastalandTV. During a charity stream aimed at raising funds for cancer treatment, he downloaded BlockBlasters, after which over $32,000 was stolen from his crypto wallet. Total losses among players are estimated to exceed $150,000, with the number of affected individuals ranging from 261 to 478.
“The game BlockBlasters, which the Steam service verified as safe, turned out to be a tool for cryptocurrency theft. Attackers added malicious code to the game at the end of August 2025, resulting in losses exceeding $150,000.”
Investigation of the Malicious Code and Search for Perpetrators
A group of independent researchers has begun an investigation to establish the details of the attack. Code analysis revealed that the virus collected information about the user’s system, checked for antivirus protection, stole Steam account data, and sent it to a remote server. The researchers’ report includes evidence of malicious files, a list of potential victims, and the scripts used by the attackers.
Researchers emphasize that such a situation was made possible due to the lack of proper oversight by Valve — the developer of Steam, which allowed a dangerous game to be listed. Meanwhile, some experts claim they have managed to identify a suspect: likely an Argentine immigrant residing in Miami, USA. However, this information has not yet been officially confirmed.
It is worth noting that back in July 2025, experts had already recorded instances of malware spreading through games on Steam.