Steam Malware Scams: How the FBI is Investigating Crypto-Theft Games and How to Report

The FBI's Unprecedented Public Investigation

The FBI's Seattle Field Office has taken the rare step of publicly announcing an investigation into malware distributed through the Steam platform. The agency is specifically seeking victims who encountered malicious software between May 2024 and January 2026. In a direct appeal, the FBI has promised confidentiality to those who come forward, urging them to share their experiences to aid the federal probe.

The significance of this move cannot be overstated. While platform holders like Valve have their own security teams, a public investigation by a federal agency like the FBI elevates the issue from a platform policy violation to a matter of criminal justice. It signals that the scale and sophistication of these scams—which target digital assets and personal information on a mass scale—have crossed a threshold demanding organized law enforcement intervention. This is a watershed moment, acknowledging that digital storefront fraud can have severe, real-world financial consequences.

The Malicious Games and How They Operated

The FBI has named seven specific games identified as vehicles for malware. Gamers are advised to check their libraries and download histories for these titles:

• BlockBlasters (also listed as BlockBasters)
• Chemia
• Dashverse / DashFPS
• Lampy
• Lunara
• PirateFi
• Tokenova

All identified games have now been removed from Steam, but their impact lingers. These were not merely buggy or poorly made games; they were crypto scams with a singular, malicious purpose. The malware hidden within them was designed to:

• Drain Cryptocurrency Wallets: The primary goal. The malware would scan a victim's computer for cryptocurrency wallet files and seed phrases, then exfiltrate the data to allow thieves to drain the assets.
• Hijack Online Accounts: Beyond crypto, the stealers often targeted login credentials for Steam, email, and other platforms, enabling further account theft or credential-stuffing attacks.
• Harvest Sensitive Data: The malware acted as an "infostealer," collecting passwords, browser cookies, credit card information, and other personal data from the infected system.

These games often presented themselves as casual indie titles or play-to-earn crypto games, leveraging gaming trends to appear legitimate.

High-Profile Cases and the Scope of Damage

The case of BlockBlasters exemplifies the human and financial cost. Following Raivo Plavnieks's public loss, blockchain investigators ZachXBT and malware research group VX-Underground analyzed the theft. Their findings were staggering: they estimated total losses from BlockBlasters alone to be roughly $150,000, siphoned from between 261 and 478 victim accounts. This was not a targeted attack on a single individual but a broad, automated assault on anyone who installed the game.

The game Chemia demonstrated the advanced tactics used. A threat actor known as "EncryptHub" used a malware loader called HijackLoader, which was deployed via a game update. This loader then downloaded the notorious Vidar infostealer and a custom malware variant dubbed "Fickle Stealer," creating a multi-layered attack designed to evade detection.

Perhaps most alarming was Valve's response to PirateFi, which distributed the Vidar stealer for about a week in February 2025. With up to 1,500 potential downloads before its removal, the threat was severe enough that Steam's official advice to affected players was to run antivirus scans and, in some cases, completely reinstall their operating system—a nuclear option that underscores the persistent and invasive nature of this malware.

These incidents confirm a disturbing truth: these were not isolated exploits or accidental vulnerabilities. They were deliberate, financially motivated cyberattacks launched from within a trusted commercial platform.

Why Steam is Vulnerable and How to Protect Yourself

This FBI investigation highlights a rising trend of malicious software infiltrating Steam. A common tactic exploits a gap in the platform's defenses: the post-approval game update. A developer can submit a seemingly benign game for Valve's review. Once approved and published, a subsequent update can introduce the malicious payload, bypassing the initial vetting process.

For gamers, vigilance is now a non-negotiable part of the hobby. Here are critical steps for protection:

• Scrutinize Unknown Developers: Be cautious with games from developers with no history or reputation. Check reviews and community forums for red flags.
• Question Game Updates: Be wary of small, unknown titles that receive frequent or large updates shortly after release.
• Employ Robust Security: Use a reputable, updated antivirus/anti-malware suite. Consider it essential gaming gear.
• Secure Crypto Assets: If you hold cryptocurrency, never store seed phrases or keys on your gaming PC. Use a hardware wallet for any significant holdings.
• Report Suspicious Activity: Use Steam's reporting tools for any game that behaves strangely or requests unusual permissions.

The responsibility lies both with the platform to enhance its review processes and with users to practice defensive computing.

How to Report to the FBI - A Step-by-Step Guide

If you downloaded or played any of the named games between May 2024 and January 2026, the FBI wants to hear from you—even if you are unsure whether you were affected. Your information is crucial to mapping the full scope of the campaign.

Here is how to report:

1. Primary Method: Visit the FBI's "Seeking Victim Information" web page for this case and fill out the official questionnaire.
2. Alternative Method: You can email the investigation team directly at [email protected].

The FBI is specifically requesting details on:

• Cryptocurrency transactions related to stolen funds (wallet addresses, transaction IDs/hashes).
• A list of any online accounts that were compromised.
• The total amount of funds stolen.
• Your Steam username and the date you downloaded the game.
• Any communications you had with the game's developers or promoters.

The FBI has assured that the identities of victims who provide information will be kept confidential.

The line between gaming and cybersecurity has irrevocably blurred. The days of assuming safety within a major digital storefront are over, replaced by a need for informed caution. The FBI's public investigation is a positive, necessary step toward accountability, aiming to deter future attacks and bring those responsible to justice. This action underscores that stealing digital assets is a serious crime with real victims. If you interacted with BlockBlasters, Chemia, PirateFi, or any of the other named titles, your report could be the piece of evidence that helps secure the wider community. By reporting your experience, you're not just seeking justice—you're helping to rebuild the trust that makes digital storefronts safe for everyone.

Tags: Steam, Malware, FBI Investigation, Cybersecurity, Cryptocurrency Scam