# When a Game Becomes a Trap *The BlockBlasters Malware Incident* By [Delilah's Realm](https://paragraph.com/@delilahsrealm) · 2025-09-24 hacker, crypto, videogames, cancer, scam, games, gaming, nft, trap, steam, blockblasters --- In the vast catalog of Steam’s digital storefront, _BlockBlasters_ barely stood out. A pixelated 2D platformer released on July 30, 2025, it attracted a small following and even earned a “Verified” badge for Steam Deck compatibility. But by late September, it was at the center of one of the most troubling cyber incidents in recent gaming history — a case where a trusted platform was used as a delivery system for advanced malware, siphoning more than $150,000 from players’ cryptocurrency wallets. The most heartbreaking story to emerge involved Latvian streamer Raivo “RastalandTV” Plavnieks, who is battling stage-4 sarcoma. Plavnieks had been raising donations for his treatment when he installed _BlockBlasters_ during a livestream. Within hours, $32,000 in crypto donations were gone. “It wasn’t just money,” he later said on stream, “it was my community’s hope for me.” ### The Malware Hidden in Plain Sight According to researchers at multiple security firms, _BlockBlasters_ began its life as a legitimate game. But on August 30, an update introduced a set of malicious payloads hidden within its installation files. At the core of the scheme was **StealC**, a well-known infostealer optimized for grabbing crypto wallets, browser credentials, and Steam session tokens. A Windows batch script acted as the loader, scouring local directories for sensitive files, while a Python backdoor maintained persistence and allowed attackers to push additional payloads. The malware exfiltrated data to attacker-controlled command-and-control (C2) servers, some of which were registered just days before the update went live. “This was a classic supply-chain attack, but against gamers,” explained Marcus Hill, a malware analyst at Cyguard Labs. “The trust users place in platforms like Steam is exactly what made this so effective. People didn’t think twice about downloading or updating a Verified game.” ### Exploiting Trust and Community What made _BlockBlasters_ especially dangerous was not only its technical payload, but the way it spread. The game’s Verified status on Steam — meant only to confirm compatibility with the Steam Deck — was misunderstood by many as a broader safety guarantee. Positive reviews reinforced its legitimacy, giving players little reason to be suspicious. Meanwhile, the attackers used **social engineering** to amplify their reach. On Twitch and Discord, fake accounts posed as gamers, encouraging others to try the “fun free game.” In some cases, victims were specifically targeted — particularly those known to hold or accept cryptocurrency. “This wasn’t random,” noted cybersecurity journalist Alex Williams. “The attackers infiltrated gaming spaces where they knew people would be more vulnerable to a recommendation from someone in chat. They blended technical exploitation with psychological manipulation.” ### The Fallout and Valve’s Response Valve removed _BlockBlasters_ from Steam on September 21, nearly three weeks after the malicious update appeared. By then, researchers estimate between 261 and 478 players had been affected. The takedown has sparked debate about the adequacy of Steam’s vetting process. Currently, new games undergo an initial review, but updates are not subject to the same scrutiny. Critics argue that this loophole effectively gives bad actors a way to slip in malware after a game’s release. Community members have also questioned the meaning of labels like “Verified,” which can create a false sense of security. “Verification should mean more than ‘this runs on the Steam Deck,’” one developer posted on X. “When users see a green checkmark, they assume safety.” ### A Bitter Lesson for Gamers The BlockBlasters incident underscores the growing risks in the gaming ecosystem, where digital storefronts have become prime attack vectors. Unlike shady websites, platforms like Steam enjoy built-in trust — and that trust is now being tested. For gamers, the takeaway is sobering. Even official storefronts are not immune to compromise. Experts recommend storing cryptocurrency in cold wallets, using endpoint protection capable of detecting commodity infostealers, and remaining wary of unsolicited game recommendations in chats. For platforms, the responsibility is greater. Continuous monitoring of game updates, stricter sandboxing to prevent arbitrary script execution, and clearer trust labels are all part of the solution. As one analyst put it: “If Valve doesn’t adapt, attackers will keep exploiting the blind spots.” ### A Human Cost Beyond Code While technical analysis is vital, the human impact of the BlockBlasters malware remains the most powerful reminder of what’s at stake. In the case of RastalandTV, the theft wasn’t just about cryptocurrency — it was about stolen hope. “This wasn’t just a financial crime,” said Hill of Cyguard Labs. “It was an attack on the vulnerable, on someone who was relying on community generosity to fight for their life. That should hit all of us hard.” The BlockBlasters scandal will likely be remembered not only as a cautionary tale of weak update security, but as a moral reckoning for the gaming industry. When trust is weaponized and generosity is punished, the entire ecosystem is put at risk. **Sources** * [**The Verge**](https://www.theverge.com/news/782993/steam-blockblasters-crypto-scam-malware): Steam removes 2D platformer allegedly infected with malware, but not before it apparently steals over $150,000 in cryptocurrency from players * [**GamesRadar**](https://www.gamesradar.com/games/steam-removes-2d-platformer-allegedly-infected-with-malware-but-not-before-it-apparently-steals-over-usd150-000-in-cryptocurrency-from-players/): Steam removes 2D platformer allegedly infected with malware, but not before it apparently steals over $150,000 in cryptocurrency from players * [**Tom's Hardware**](https://www.tomshardware.com/tech-industry/cyber-security/twitch-streamer-raising-money-for-cancer-treatment-has-funds-stolen-by-malware-ridden-steam-game-blockblasters-title-stole-usd150-000-from-hundreds-of-players): Twitch streamer raising money for cancer treatment has funds stolen by malware-ridden Steam game - BlockBlasters title stole $150,000 from hundreds of players * [**Bitdegree**](https://www.bitdegree.org/crypto/news/cancer-fund-wiped-as-steam-game-drains-streamers-crypto-wallet): Cancer Fund Wiped as Steam Game Drains Streamer's Crypto Wallet * [**G Data Software**](https://www.gdatasoftware.com/blog/2025/09/38265-steam-blockblasters-game-downloads-malware): Infected Steam game downloads malware disguised as patch * [**Eneba**](https://www.eneba.com/hub/news/blockblasters-scam-streamers-lose-150k/): Steam Game Crypto Scam; Streamers Lose Over $150,000 * [**KuCoin**](https://www.kucoin.com/news/flash/crypto-scammer-steals-32k-from-cancer-patient-reported-to-ice): Crypto Scammer Steals $32K from Cancer Patient, Reported to ICE * [**PCMag**](https://www.pcmag.com/news/another-steam-game-infects-players-pcs-with-malware-steals-150k-in-crypto): A PC game on Valve's Steam store has been discovered distributing malware and stealing users' cryptocurrency, draining an estimated $150,000 * [**Tweaktown**](https://www.tweaktown.com/news/107840/verified-steam-game-exposed-for-robbing-streamers-cancer-donations/index.html): Verified Steam game exposed for robbing streamer's cancer donations * [**Gbhackers**](https://gbhackers.com/blockblasters-steam-game/): BlockBlasters Steam Game Disguises Malware as Patch --- *Originally published on [Delilah's Realm](https://paragraph.com/@delilahsrealm/when-a-game-becomes-a-trap)*