In the vast catalog of Steam’s digital storefront, BlockBlasters barely stood out. A pixelated 2D platformer released on July 30, 2025, it attracted a small following and even earned a “Verified” badge for Steam Deck compatibility. But by late September, it was at the center of one of the most troubling cyber incidents in recent gaming history — a case where a trusted platform was used as a delivery system for advanced malware, siphoning more than $150,000 from players’ cryptocurrency wallets.
The most heartbreaking story to emerge involved Latvian streamer Raivo “RastalandTV” Plavnieks, who is battling stage-4 sarcoma. Plavnieks had been raising donations for his treatment when he installed BlockBlasters during a livestream. Within hours, $32,000 in crypto donations were gone. “It wasn’t just money,” he later said on stream, “it was my community’s hope for me.”
According to researchers at multiple security firms, BlockBlasters began its life as a legitimate game. But on August 30, an update introduced a set of malicious payloads hidden within its installation files.
At the core of the scheme was StealC, a well-known infostealer optimized for grabbing crypto wallets, browser credentials, and Steam session tokens. A Windows batch script acted as the loader, scouring local directories for sensitive files, while a Python backdoor maintained persistence and allowed attackers to push additional payloads. The malware exfiltrated data to attacker-controlled command-and-control (C2) servers, some of which were registered just days before the update went live.
“This was a classic supply-chain attack, but against gamers,” explained Marcus Hill, a malware analyst at Cyguard Labs. “The trust users place in platforms like Steam is exactly what made this so effective. People didn’t think twice about downloading or updating a Verified game.”
What made BlockBlasters especially dangerous was not only its technical payload, but the way it spread. The game’s Verified status on Steam — meant only to confirm compatibility with the Steam Deck — was misunderstood by many as a broader safety guarantee. Positive reviews reinforced its legitimacy, giving players little reason to be suspicious.
Meanwhile, the attackers used social engineering to amplify their reach. On Twitch and Discord, fake accounts posed as gamers, encouraging others to try the “fun free game.” In some cases, victims were specifically targeted — particularly those known to hold or accept cryptocurrency.
“This wasn’t random,” noted cybersecurity journalist Alex Williams. “The attackers infiltrated gaming spaces where they knew people would be more vulnerable to a recommendation from someone in chat. They blended technical exploitation with psychological manipulation.”
Valve removed BlockBlasters from Steam on September 21, nearly three weeks after the malicious update appeared. By then, researchers estimate between 261 and 478 players had been affected.
The takedown has sparked debate about the adequacy of Steam’s vetting process. Currently, new games undergo an initial review, but updates are not subject to the same scrutiny. Critics argue that this loophole effectively gives bad actors a way to slip in malware after a game’s release.
Community members have also questioned the meaning of labels like “Verified,” which can create a false sense of security. “Verification should mean more than ‘this runs on the Steam Deck,’” one developer posted on X. “When users see a green checkmark, they assume safety.”
The BlockBlasters incident underscores the growing risks in the gaming ecosystem, where digital storefronts have become prime attack vectors. Unlike shady websites, platforms like Steam enjoy built-in trust — and that trust is now being tested.
For gamers, the takeaway is sobering. Even official storefronts are not immune to compromise. Experts recommend storing cryptocurrency in cold wallets, using endpoint protection capable of detecting commodity infostealers, and remaining wary of unsolicited game recommendations in chats.
For platforms, the responsibility is greater. Continuous monitoring of game updates, stricter sandboxing to prevent arbitrary script execution, and clearer trust labels are all part of the solution. As one analyst put it: “If Valve doesn’t adapt, attackers will keep exploiting the blind spots.”
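The update monitoring recommended above can start with a plain build diff. The following is an added example, not part of the original article or of any Steam tooling: it compares file manifests of a build before and after an update and flags newly shipped scripts and executables, the form in which the batch loader and Python backdoor arrived. The file names, extension lists and severity levels are assumptions made for illustration.

```python
import hashlib
from pathlib import PurePosixPath

# Assumed policy: file types that let an update run commands outside the game binary.
SCRIPT_EXTS = {".bat", ".cmd", ".ps1", ".vbs", ".js", ".py"}
BINARY_EXTS = {".exe", ".dll", ".scr"}

def manifest(files):
    """Map each path to the SHA-256 of its content (files: path -> bytes)."""
    return {p: hashlib.sha256(data).hexdigest() for p, data in files.items()}

def audit_update(before, after):
    """Compare two build manifests; return (severity, change, path) findings."""
    findings = []
    for path, digest in after.items():
        if path not in before:
            change = "added"
        elif before[path] != digest:
            change = "modified"
        else:
            continue  # byte-identical file, nothing to review
        ext = PurePosixPath(path).suffix.lower()
        if ext in SCRIPT_EXTS:
            severity = "high" if change == "added" else "medium"
        elif ext in BINARY_EXTS:
            severity = "medium" if change == "added" else "low"
        else:
            continue  # assets and data files are not executable content
        findings.append((severity, change, path))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[2]))

# Constructed sample builds (not taken from the real incident).
BUILD_V1 = manifest({
    "game.exe": b"release build",
    "assets/level1.dat": b"level data",
})
BUILD_V2 = manifest({
    "game.exe": b"release build",           # unchanged
    "assets/level1.dat": b"level data v2",  # asset change, ignored
    "patch/update.bat": b"@echo off",       # new script shipped by the update
    "patch/helper.py": b"pass",             # new script shipped by the update
    "patch/tool.exe": b"new binary",        # new executable
})

if __name__ == "__main__":
    for severity, change, path in audit_update(BUILD_V1, BUILD_V2):
        print(f"{severity:6} {change:8} {path}")
```

A diff like this only tells a reviewer where to look; a flagged file still needs static or sandbox analysis before the update is released.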
While technical analysis is vital, the human impact of the BlockBlasters malware remains the most powerful reminder of what’s at stake. In the case of RastalandTV, the theft wasn’t just about cryptocurrency — it was about stolen hope.
“This wasn’t just a financial crime,” said Hill of Cyguard Labs. “It was an attack on the vulnerable, on someone who was relying on community generosity to fight for their life. That should hit all of us hard.”
The BlockBlasters scandal will likely be remembered not only as a cautionary tale of weak update security, but as a moral reckoning for the gaming industry. When trust is weaponized and generosity is punished, the entire ecosystem is put at risk.
Sources
The Verge: Steam removes 2D platformer allegedly infected with malware, but not before it apparently steals over $150,000 in cryptocurrency from players
GamesRadar: Steam removes 2D platformer allegedly infected with malware, but not before it apparently steals over $150,000 in cryptocurrency from players
Tom's Hardware: Twitch streamer raising money for cancer treatment has funds stolen by malware-ridden Steam game - BlockBlasters title stole $150,000 from hundreds of players
Bitdegree: Cancer Fund Wiped as Steam Game Drains Streamer's Crypto Wallet
G Data Software: Infected Steam game downloads malware disguised as patch
Eneba: Steam Game Crypto Scam; Streamers Lose Over $150,000
PCMag: A PC game on Valve's Steam store has been discovered distributing malware and stealing users' cryptocurrency, draining an estimated $150,000
Tweaktown: Verified Steam game exposed for robbing streamer's cancer donations
Gbhackers: BlockBlasters Steam Game Disguises Malware as Patch