The hidden payload behind BlockBlasters
Valve removed the title, BlockBlasters, from Steam on September 21 after cybersecurity researchers and victims reported that the software carried malware designed to empty crypto wallets. Investigators found that the game’s installer deployed a drainer program that activated after a short delay, avoiding immediate detection.
A streamer’s devastating loss
One of the most publicized cases involved a Latvian streamer who had been raising donations for cancer treatment. Within hours of downloading the game, more than $32,000 worth of assets were siphoned from his wallet. Security analysts estimate that total losses across affected players exceeded $150,000. Source: The Verge and community reports.
How the attack unfolded
Spear-phishing and influencer targeting
Cybersecurity firm Malwarebytes noted that attackers appeared to target streamers and influencers first, sending them review copies under the guise of promotion. Once downloaded, the malware embedded itself and scanned for wallet credentials and browser extensions tied to digital assets.
Delay as an evasion tactic
Unlike “smash-and-grab” malware, the drainer delayed execution until players had been active for hours or days. This strategy reduced the likelihood of immediate antivirus detection and helped spread trust as the game accumulated positive Steam reviews before its takedown.
The platform’s liability question
Steam’s swift removal of the game limited further spread, but the case highlights ongoing challenges for digital marketplaces. Unlike mobile app stores, which run deep code audits, PC game platforms historically rely more on community reporting.
“The reality is that these storefronts are designed for speed and scale, not forensic review of every line of code,” said Mikko Hyppönen, chief research officer at WithSecure. “But once you introduce crypto drainers into entertainment software, you’re dealing with financial harm far beyond normal malware.”
What players and creators can do
Harden wallet hygiene
Experts recommend never storing significant crypto balances in hot wallets linked to browsers or gaming environments. Cold storage, hardware wallets, or multisig setups dramatically reduce drainer exposure.
Use permission prompts carefully
Drainer families typically exploit users accepting a malicious transaction request in haste. Checking contract permissions, limiting approvals, and using wallet alerts can prevent catastrophic losses.
Treat “review builds” with suspicion
Streamers and content creators are increasingly targeted with malware disguised as game review keys. Security professionals urge influencers to run unknown builds in sandbox environments before connecting them to live systems.
A warning for mainstream adoption
As crypto seeps deeper into gaming, incidents like BlockBlasters are likely to multiply. For crypto skeptics, the attack confirms that adoption remains fraught with consumer risk. For believers, it underscores the need for better wallet infrastructure and platform vetting.
Either way, the incident shows how quickly digital culture and financial crime can collide, turning what looked like a lighthearted indie release into a six-figure heist.