Malicious Steam Game BlockBlasters Steals $150,000 in Cryptocurrency

Another malicious game has been discovered on Steam—BlockBlasters. The case gained attention after streamer Raivo Plavnieks (RastalandTV), who was raising money for stage-four cancer treatment, lost $32,000 in donations after installing the game. A subsequent investigation revealed that hundreds of other users were also affected.

The game and its hidden payload

BlockBlasters, published by developer Genesis Interactive, was a 2D platformer available on Steam for almost two months (July 30 to September 21, 2025). According to SteamDB, the title was benign until August 30, when a malicious update introduced a cryptocurrency-stealing component. The game has since been removed from Steam, though archived versions remain accessible.

How the theft unfolded

The malware came to light during a live stream. RastalandTV, who was streaming to raise money for sarcoma treatment, was persuaded by a viewer to install BlockBlasters with the promise of additional donations. After running the game, the $32,000 he had raised through donations was stolen.

Plavnieks’ GoFundMe campaign was already 58% funded, but news of the theft drew widespread attention. Several crypto community figures offered support, including influencer Alex Becker, who publicly confirmed he had transferred $32,500 to the streamer’s secure wallet.

Widening impact

An investigation quickly revealed that Plavnieks was far from the only victim. Blockchain analyst ZachXBT reported that the attackers stole at least $150,000 from 261 Steam users. The VXUnderground research team tracked even greater losses, estimating 478 victims. The group published a list of affected usernames and urged users to reset their credentials immediately.

Targeted distribution

Researchers believe the campaign was deliberate. Malicious actors reportedly identified cryptocurrency holders on X (formerly Twitter) and encouraged them to download and promote BlockBlasters. This outreach created a steady funnel of victims with sizable digital wallets.

Technical analysis

Cybersecurity specialists released a technical breakdown of the malware. The batch script dropper performed environment checks before harvesting Steam login details and IP addresses, which were then exfiltrated to a command server.

Further analysis by GDATA researchers showed that the campaign combined multiple tools: the batch stealer, a Python backdoor, and a payload from the StealC stealer family.

The attackers also made critical mistakes. They left the code for their Telegram bot exposed, including its tokens. OSINT investigators claim they used this oversight to identify the perpetrator as an Argentine immigrant currently living in Miami, Florida, and said they notified U.S. Immigration and Customs Enforcement (ICE).

A growing pattern on Steam

This is already the fourth malware incident on Steam in 2025. Earlier in the year, the malicious titles Sniper: Phantom’s Resolution and PirateFi were pulled from the platform, followed in July by Chemia, which had been modified to include an information-stealer.