Florida man arrested in Steam malware scheme accused of stealing $220K in crypto
FBI arrests a Florida man accused of distributing Steam malware through fake games that infected thousands and drained crypto wallets, investigators say.
Federal agents arrested 21-year-old Zyaire Dontaevious Zamarion Wilkins on July 14 after a criminal complaint linked him to a scheme that embedded Steam malware in multiple games and siphoned cryptocurrency from victims’ wallets. Prosecutors say the operation infected roughly 8,000 devices and resulted in the theft of at least $220,000 from about 80 cryptocurrency wallets, marking the first public arrest in an FBI investigation first made public in March. (local10.com)
Florida arrest follows months-long FBI probe
According to court filings and media reports, the FBI’s Seattle Division identified a pattern of malware-laden titles on a major PC game storefront and opened an investigation in early 2026. Agents traced online activity and financial flows before obtaining a search warrant for Wilkins’ North Lauderdale residence, where they seized phones, a laptop and crypto-related devices. (forms.fbi.gov)
The federal complaint charges Wilkins with conspiracy to obtain information by computer for private financial gain, a count that carries up to 10 years in prison. The complaint describes Wilkins as a financier and marketer of the scheme rather than the primary software developer. (decrypt.co)
Games named by investigators and scope of infections
Investigators have identified several titles they say were used to distribute the Steam malware, including BlockBlasters, Dashverse (DashFPS), Lampy, Lunara, PirateFi and Tokenova. The FBI’s victim-reporting notice lists the games and asks anyone who downloaded them between May 2024 and January 2026 to come forward with evidence. (forms.fbi.gov)
The complaint alleges the malicious code operated as an “infostealer” and cryptodrainer, capturing credentials and other sensitive data that allowed the conspirators to access and empty victims’ wallets. Victim counts and loss estimates in the filing reflect activity spanning roughly two years. (decrypt.co)
How the malware campaign reportedly operated
Prosecutors say the actors uploaded games that appeared to be legitimate to the platform, then promoted them through social channels including Discord, Telegram and professional platforms to lure players. Once installed, the tainted binaries established persistence and harvested credentials and secrets that enabled unauthorized transfers and wallet takeovers. (techcrunch.com)
The complaint further describes targeted campaigns that used automated tools to find high-value cryptocurrency holders and send them tailored messages encouraging downloads. Those tactics, investigators say, increased the likelihood of successful compromises among accounts with sizable crypto balances. (decrypt.co)
Tracing stolen funds through gift cards and deliveries
Federal agents traced some of the stolen cryptocurrency through on-chain transactions that converted funds into gift cards and other purchases. Subpoenaed records reportedly showed multiple gift cards bought with funds tied to the scheme, including cards used to order food deliveries made to addresses associated with Wilkins. (local10.com)
That chain of evidence — from blockchain transfers to merchant records — played a central role in identifying a suspect handle investigators linked to Wilkins and in supporting the search warrant that produced additional digital evidence. The complaint says encrypted messaging logs found on seized devices showed coordination between Wilkins and an unidentified “primary developer.” (decrypt.co)
Platform response and victim outreach
Valve, the maker of the Steam storefront, removed several of the named titles after security researchers and users reported suspicious activity, and the FBI publicly solicited victims to provide logs, wallet addresses and transaction records. The bureau’s reporting form and dedicated contact channel are intended to help investigators match stolen assets to those affected. (techcrunch.com)
Industry observers have warned that attackers can exploit the apparent trustworthiness of games distributed on major storefronts, since users are accustomed to installing products from such platforms without extra scrutiny. The FBI notice included guidance for potential victims and urged preservation of evidence such as screenshots and transaction hashes. (forms.fbi.gov)
Charges, prosecution and potential penalties
Wilkins faces a single federal count in the complaint filed in Seattle, where prosecutors contend the conspirators used the platform as a distribution vector for malware designed to obtain financial information and crypto assets. Law enforcement has not publicly named other individuals who may be under investigation. (decrypt.co)
The case remains under active investigation, and authorities continue to request information from anyone who downloaded the listed titles or observed suspicious communications related to them. The unfolding prosecution will test how investigators and courts handle cross-jurisdictional cybercrime that leverages consumer platforms and emerging financial rails. (local10.com)
The FBI is urging impacted users to preserve system logs, transaction records and any messages that led to a download, and to report incidents through the bureau’s designated channels so investigators can corroborate losses and pursue recovery where possible.