A Fake Game with a Real Price Tag
Zyaire Wilkins was a 21-year-old Florida resident and student. According to the FBI, he and unnamed co-conspirators created video games that looked legitimate. You could find them on Steam, download them, and install them like any other title. But these games contained malware designed to steal victims' passwords and drain their cryptocurrency wallets.
The FBI says roughly 8,000 victims got infected. From that pool, the hackers breached about 80 cryptocurrency wallets and made off with a minimum of $220,000 in digital currency.
Wilkins, also known online as "Sibel.eth," was arrested by federal agents. His attorney declined to comment when reached by reporters.
How the Scheme Actually Worked
The fake games appeared to be ordinary Steam releases. After a victim downloaded and installed the software, the hidden malware began collecting passwords from that computer.
Get the market news that matters in a five-minute read with Market Briefs, our free daily newsletter
Valve, Steam's operator, took down several infected titles from its storefront after discovering they contained malicious code. According to court documents, the scheme operated for approximately two years before law enforcement moved in.
Following the Digital Trail
Investigators pinpointed a particular crypto address involved in the operation and followed payments made from that address. Those funds were used to purchase various gift cards, including one for Uber Eats. Uber provided information revealing that the gift card purchases were tied to an account used to deliver food to Wilkins, as per the complaint.
Agents then obtained a search warrant for Wilkins' home. They confiscated his MacBook, multiple phones, other electronics, and his cryptocurrency wallets. The legal filing notes that he chose not to speak or respond to questions.
In March, the FBI said it was looking into a hacker believed to have used malware-ridden video games published on Steam to compromise victims. The FBI called on anyone who had installed the harmful games - especially those named in the current legal filing - to step forward and provide evidence.
Broader Context of Crypto-Theft Through Gaming
This case highlights a growing trend: cybercriminals exploiting the popularity of PC gaming platforms to distribute hidden malware. Steam, with hundreds of millions of active users, has long been a target for bad actors who upload seemingly harmless indie games laced with trojans. While Valve regularly screens submissions, sophisticated attackers can bypass initial reviews by updating game files after approval - a technique known as "supply-chain poisoning." The FBI's ability to link gift card purchases to a physical address shows how even careful criminals leave digital breadcrumbs. For crypto holders, the incident is a reminder that any software downloaded from unofficial channels - or even official storefronts - can pose a risk if it requests unusual permissions or modifies system files.
Join Market Briefs, our free daily newsletter, for a quick daily rundown of the markets
