The phrase "Florida man" has long been shorthand for the kind of headline that makes you do a double take. But the arrest of 21-year-old Zyaire Dontaevious Zamarion Wilkins in July 2026 delivers something rarer: a story where high-tech cybercrime and low-tech comeuppance collide in a single, absurd arc. Over two years, Wilkins allegedly helped run a malware campaign that infected roughly 8,000 gamers through fake Steam games and drained more than $220,000 in cryptocurrency from at least 80 wallets. The FBI cracked the case, but not because of some brilliant cryptographic breakthrough. They followed a trail of Uber Eats receipts, more than 500 of them.
The narrative writes itself: a sophisticated operation undone by an appetite for delivery food. But beneath the meme-worthy surface lies a serious breach of trust on the PC gaming's biggest storefront, and a warning for anyone who thinks their crypto wallet is safe just because they only download verified games.
The Scheme, Malware Disguised as Steam Games
Between May 2024 and February 2026, Wilkins and an unnamed co-conspirator uploaded eight malware-embedded games to Steam. The titles, BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova, spanned genres from action to survival, but all shared a hidden payload. Once downloaded and run, the software tricked players into approving malicious blockchain transactions, effectively handing over control of their cryptocurrency wallets.
The games weren't just sitting in the Steam store hoping for organic discovery. According to the FBI's 15-page criminal complaint, the pair used bots on Discord, Telegram, X/Twitter, and LinkedIn to target users who showed signs of large crypto holdings. The bots would message potential victims, often with fake reviews or personal recommendations, steering them toward the infected titles.
PirateFi, a free-to-play survival game, proved especially effective. It attracted roughly 7,000 players before Valve removed it from the store. BlockBlasters was even more damaging. The FBI estimates that single game stole over $150,000 from between 261 and 478 victims. Among those victims was a Twitch streamer whose cancer treatment donation fund was drained of $32,000 in September 2025.
Wilkins is accused of financing and marketing the malware rather than writing it. The individual who actually built the malicious code had their home searched by investigators but has not been charged, leaving the full scope of the operation unresolved. The FBI's investigation remains active, and the developer's identity is a key part of ongoing work.

The Downfall, How Uber Eats Tipped Off the FBI
For a scheme built on technical deception, the unraveling was strikingly analog. The FBI traced stolen crypto funds to a Bitrefill account, the stolen crypto was first converted into Bitrefill gift cards, which were then used to order Uber Eats deliveries. Uber provided records showing more than 500 separate food delivery orders, totaling over $9,000, all sent to two locations: Wilkins' family home in North Lauderdale, Florida, and his addresses at the University of West Florida.
Five hundred deliveries. The suspect allegedly used stolen cryptocurrency to pay for fast food, repeatedly, over months. Each order was a breadcrumb leading back to a physical address.
Investigators also linked the online handle "Sibel.eth" to Wilkins through Signal chats. In those conversations, he discussed purchasing a $10,000 remote access trojan and shared tactics for tricking victims into approving wallet-draining transactions. The chat logs provided the digital thread that connected the avatar to the person.
When agents searched Wilkins' home, they seized a MacBook, cellphones, and three cryptocurrency wallet seed phrases, one of them for a Monero wallet, a currency often favored for its privacy. The total cryptocurrency transaction history associated with Wilkins reached $382,000, exceeding the $220,000 he is alleged to have stolen from victims. That discrepancy may point to additional illicit income or simply the messy reality of crypto speculation mixed with crime.
The Investigation, From Valve to the FBI's Seattle Office
The criminal complaint was filed in the U.S. District Court for the Western District of Washington, which covers Bellevue, home to Valve's headquarters. The FBI's Seattle Division went public with the investigation in March 2026, launching a victim portal to collect information from anyone who had lost funds to one of the seven named games. As of July, the portal remained active, inviting new victims to come forward. If you lost funds to BlockBlasters, PirateFi, or any of the other named games, the FBI's victim portal (accessible through the Seattle field office website) is still open for submissions.
This case marks the first known arrest tied to malicious Steam games, but it's far from an isolated incident. In June 2026, cybersecurity firm Kaspersky reported that attackers were using Steam's Workshop system to distribute crypto miners hidden inside Wallpaper Engine wallpapers. The platform's open upload policy, a core part of its appeal, also makes it a target. Valve has historically relied on automated scanning and community reporting to catch malicious content, but this malware campaign ran for nearly two years, suggesting gaps in detection.
The conspiracy charge Wilkins faces carries a maximum penalty of 10 years in prison. With the unnamed developer still at large, the investigation remains active. Questions about how many other games might be carrying similar payloads, and how Valve can better vet content, are likely to persist.
The Peril and the Punchline
This is a story with two audiences. For gamers, it's a cautionary tale: even games on Steam, a platform most consider trustworthy, can contain malware. The FBI's complaint notes that the infected titles looked legitimate enough to attract thousands of players. The free-to-play survival game PirateFi had normal reviews, normal screenshots. Nothing obvious flagged it as dangerous until the victims started losing money.
For the broader public, the story is irresistible because of the contrast. A crime that used advanced techniques to steal digital currency was cracked open by something as mundane as a paper trail of Uber Eats orders. It's a rare case where the meme perfectly fits the reality.
Gamers looking to protect themselves should use hardware wallets for significant crypto holdings, double-check every blockchain transaction prompt before approving, and treat free-to-play titles with unusually aggressive social media marketing with extra skepticism.
But the real takeaway isn't the tabloid humor. It's that the same low-tech methods that caught Wilkins, bank records, delivery logs, a persistent investigator willing to check every address, remain surprisingly effective against high-tech crooks. And it's a reminder that no matter how sophisticated the malware, criminals tend to make the same mistake: they get comfortable. They order dinner. And they leave a trail.





Comments
Join the Conversation
Share your thoughts, ask questions, and connect with other community members.
No comments yet
Be the first to share your thoughts!