What happens when a trusted gaming platform becomes a weapon for cybercriminals? That’s exactly what unfolded with BlockBlasters, a free-to-play platformer on Steam that turned from harmless fun into a malicious cryptocurrency-draining scheme.

For nearly two months, BlockBlasters appeared safe, even earning “Very Positive” reviews. But in late August, the developers pushed an update containing a cryptodrainer payload, which siphoned off crypto from unsuspecting players. The most shocking case involved RastalandTV, a Latvian gamer livestreaming a fundraiser for his cancer treatment, who lost $32,000 in crypto live on air. The community rallied in support, with donations from high-profile figures like Alex Becker helping to cover the loss.

Researchers estimate attackers stole between $150,000 and $157,000 from hundreds of Steam users. Investigators found malicious components including a dropper batch script to steal Steam login info and IP addresses, a Python backdoor, and the StealC information stealer. Evidence also suggests attackers targeted high-value crypto users identified on Twitter, blending platform abuse with precision social engineering.

The incident exposes a broader problem: Steam’s verification system is not enough to stop malicious updates. BlockBlasters joins a list of recent Steam-distributed malware cases, raising questions about Valve’s responsibility to protect users from supply chain attacks embedded in “trusted” games.

For players, the advice is urgent—uninstall BlockBlasters immediately, reset Steam credentials, and transfer crypto assets to secure wallets. For the industry, it’s a stark reminder that digital trust can be weaponized, and that gaming platforms are now part of the cybersecurity battlefield.

#Steam #BlockBlasters #cryptoscam #cryptodrainer #malware #gamingsecurity #RastalandTV #cryptocurrency #cybercrime #supplychainattack #StealC #infostealer #Valve