Infected games allegedly turned entertainment into financial surveillance.
North Lauderdale | July 2026
Federal agents have arrested a 21-year-old Florida man accused of helping distribute malware through video games offered on Steam, compromising approximately 8,000 computers and stealing at least $220,000 from cryptocurrency wallets around the world.
Zyaire Dontaevious Zamarion Wilkins, a resident of North Lauderdale, faces a federal charge of conspiracy to obtain computer information for private financial gain. Investigators allege that he financed, acquired and promoted malicious software embedded in several games distributed between May 2024 and February 2026.
The criminal complaint does not directly name Steam, referring instead to a popular digital software distribution company. However, the titles cited in the investigation correspond with games previously identified by the FBI’s Seattle Division in its search for victims of malware distributed through the platform.

The affected titles include BlockBlasters, Chemia, Dashverse, DashFPS, Lampy, Lunara, PirateFi and Tokenova. The FBI has asked anyone who downloaded those games, lost money or experienced unauthorized access to an account to preserve relevant information and report the incident.
According to investigators, the operation infected thousands of devices but concentrated its financial attacks on users believed to possess substantial cryptocurrency holdings. Approximately 80 digital wallets were allegedly accessed without authorization, representing about 1% of the compromised computers.
That comparatively low percentage appears to reflect a selective strategy rather than an unsuccessful campaign. The suspects allegedly used automated systems to identify cryptocurrency holders through social networks and messaging platforms before contacting them directly and encouraging them to download the infected games.
The titles were promoted through Discord, Telegram, X and LinkedIn, giving the malicious files the appearance of legitimate independent gaming projects. Once installed, the embedded malware allegedly collected private information, credentials and other data that could provide access to financial accounts.
Investigators say Wilkins did not necessarily create the infected games himself. His alleged role involved financing the operation, obtaining malware and assisting with promotion and victim targeting.
Federal agents had previously searched the residence of an unidentified developer believed to have played a central role in creating the malicious software. Devices seized during that operation reportedly contained conversations linking Wilkins to the scheme through the online identity “Sibel.eth.”

The encrypted messages allegedly revealed a high level of coordination between the two individuals. Investigators say Wilkins purchased a remote-access trojan for approximately $10,000 and discussed campaigns designed to drain cryptocurrency wallets.
A remote-access trojan can give an attacker covert control over an infected computer. Depending on its capabilities, the software may capture passwords, monitor activity, extract files, manipulate transactions or install additional malicious programs without the user’s informed consent.
The suspects also allegedly discussed methods for deceiving victims into approving transactions that would instantly transfer the contents of their wallets. This technique is especially dangerous because cryptocurrency payments are generally irreversible once confirmed on a blockchain.
The digital trail eventually moved from complex malware and anonymous wallets to something far more ordinary: food deliveries.
The FBI traced cryptocurrency from wallets associated with the alleged operation to a service used to purchase digital gift cards. More than 150 cards were reportedly acquired, most of them connected to Uber Eats purchases.
Records obtained from the delivery company linked those cards to an account used for orders sent to Wilkins’ family residence in South Florida and to addresses associated with him while attending the University of West Florida.
That connection provided investigators with a bridge between blockchain transactions, online identities and physical locations. Although cryptocurrency can obscure the identities of participants, converting digital assets into everyday goods often creates records that law enforcement can compare with account information, delivery addresses and device data.
Agents searched Wilkins’ North Lauderdale residence approximately one week before his arrest. They reportedly seized several electronic devices and three cryptocurrency wallet seed phrases, including one associated with Monero.
A seed phrase is a sequence of words that can restore access to a cryptocurrency wallet. Anyone possessing it may be able to control the corresponding assets, making such phrases among the most sensitive forms of information in the digital-finance ecosystem.
Monero is designed to provide stronger transactional privacy than many other cryptocurrencies. Its architecture makes transfers more difficult to trace, although possession or use of the currency is not illegal by itself.
Investigators also reviewed cryptocurrency activity allegedly connected to Wilkins and identified approximately $382,000 in funds sent or received. That amount is not necessarily equivalent to confirmed criminal proceeds, and prosecutors will need to establish the origin and purpose of the transactions in court.
One of the most serious reported losses involved money intended for medical treatment. Cybersecurity researchers documented the theft of approximately $32,000 that had reportedly been donated to help a Twitch streamer undergoing cancer treatment.
The case demonstrates how malicious actors can exploit the trust associated with established digital marketplaces. Users may assume that software available through a recognized gaming platform has been fully examined, yet malware can still enter an ecosystem through compromised developers, fraudulent publishers or malicious updates.
Gamers who also manage cryptocurrency face an elevated risk because wallet extensions, passwords and transaction records may be accessible from the same computer used to install unfamiliar software.
Security specialists recommend avoiding unsolicited game invitations, verifying developers independently and maintaining cryptocurrency wallets on devices separated from experimental software. Users should also revoke suspicious wallet permissions, change compromised credentials and review financial activity after discovering malware.
Valve, the company behind Steam, had not publicly responded to requests for comment when the arrest was reported. The investigation remains active, and the FBI continues attempting to identify additional victims.
Wilkins could face up to 10 years in federal prison if convicted. The accusation remains an allegation, and he is entitled to the presumption of innocence unless prosecutors establish guilt beyond a reasonable doubt.
The case exposes a growing cybersecurity reality: malicious software no longer needs to resemble an obvious virus. It can arrive disguised as entertainment, supported by promotional campaigns and distributed through environments users already trust.
The game may appear free, but the hidden cost can be complete access to a victim’s digital life.
Phoenix24 | Technology that informs, security that protects. Tecnología que informa, seguridad que protege.