A 21‑year‑old student from North Lauderdale, Florida, has been taken into federal custody after a multi‑month malware scheme that targeted Steam gamers and siphoned nearly $220,000 in cryptocurrency.

On July 17 2026, U.S. federal agents apprehended Zyaire Wilkins, who is accused of embedding malicious code into five Steam titles—BlockBlasters, Dashverse, Lampy, Lunara, and PirateFi—between May 2024 and February 2026. The following day prosecutors filed a criminal complaint that names Wilkins and unnamed co‑conspirators as the architects of the operation.

According to the complaint, the malware harvested login credentials, scanned for active crypto wallets, and drained funds from roughly 80 accounts, totaling about $220,000. Roughly 8,000 devices were infected, and the stolen coins were funneled through Bitrefill, a service that converts cryptocurrency into digital gift cards. More than 150 gift cards were linked to addresses associated with Wilkins’ university and home.

Wilkins operated under the online handle “Sibel.eth” and coordinated the scheme via encrypted Signal messages. The FBI described the case as a “Steam malware investigation” and noted that the group marketed the games on Discord, Telegram, X, and LinkedIn. Bots reportedly scoured these platforms for users with large crypto holdings and sent targeted messages that encouraged them to download the malicious titles.

During a search of Wilkins’ residence, investigators seized his MacBook, cellphones, and other devices. The 21‑year‑old is scheduled to appear in federal court in Fort Lauderdale on charges of conspiracy to obtain information by computer for private financial gain, a crime that carries a maximum sentence of ten years. Wilkins has declined to speak with investigators, and his lawyer has yet to issue a statement.

The arrest follows a broader FBI effort that began in March 2026, when the bureau announced it was investigating a hacker who had used malware‑embedded Steam games to compromise victims. In that March announcement, the FBI urged anyone who had downloaded the malicious titles to come forward.

The case underscores the growing risk of malware distributed through legitimate gaming platforms. Steam, operated by Valve, is the largest PC game distribution service, hosting more than 34,000 games and serving over 132 million monthly active users. While the platform offers a DRM and other services through its Steamworks API, it does not perform exhaustive malware scans on all submissions.

Industry observers note that the use of gaming titles as a delivery mechanism for crypto‑stealing malware is not new. Similar attacks were documented in 2025, when a free‑to‑play platformer called BlockBlasters was removed from Steam after it was discovered to contain a crypto‑drainer. The current case differs in scale and in the use of targeted social‑media outreach to lure high‑value victims.

At present, the case remains ongoing. No court ruling has been issued, and the outcome of Wilkins’ trial is unknown. The FBI has not released additional details about the identities of the unnamed co‑conspirators or the full extent of the financial losses. The investigation continues to gather evidence and identify other potential victims.

The arrest and indictment serve as a reminder that malware can be hidden in seemingly innocuous software, and that users who download games from third‑party platforms should exercise caution. The case also illustrates the intersection of gaming and cryptocurrency, a sector that has attracted both legitimate innovation and illicit activity.

As the legal process unfolds, stakeholders in the gaming and crypto communities will watch for any changes to platform security policies, potential restitution for victims, and the broader implications for cross‑border cybercrime enforcement.