U.S. federal authorities have arrested a 21-year-old Florida student accused of helping distribute malware-laced video games on Steam that allegedly compromised thousands of computers and stole more than $220,000 in cryptocurrency from victims.

According to a federal criminal complaint, Zyaire Dontaevious Zamarion Wilkins is accused of working with several unnamed co-conspirators to publish seemingly legitimate games that secretly installed malware capable of stealing passwords, sensitive personal information, and cryptocurrency wallet credentials.
Malware Hidden Inside Steam Games
Prosecutors allege that between May 2024 and February 2026, the group uploaded multiple infected games to Steam, including BlockBlasters, Dashverse, Lampy, Lunara, and PirateFi.
While the titles appeared to function normally, investigators say they contained malware designed to infiltrate users’ devices after installation. The software allegedly harvested login credentials and private data, allowing the attackers to gain unauthorized access to victims’ cryptocurrency wallets.
The FBI estimates the campaign infected approximately 8,000 computers, compromised around 80 crypto wallets, and resulted in at least $220,000 worth of stolen digital assets.
Authorities Say Social Media Was Used to Promote the Games
Court documents allege the conspirators promoted the infected games across platforms including Discord, Telegram, LinkedIn, and X, encouraging users to download them.
Investigators also claim the group used automated bots to identify individuals with significant cryptocurrency holdings before sending targeted messages intended to persuade them to install the games.
After victims downloaded the software, prosecutors say the malware collected sensitive information that enabled the attackers to access cryptocurrency accounts and drain digital assets without authorization.
Investigation Linked Crypto Transactions to Wilkins
The complaint identifies Wilkins, who is believed to be a student at the University of West Florida, as using the online alias “Sibel.eth” on the encrypted messaging platform Signal.
According to investigators, chats recovered from another suspect’s devices showed extensive collaboration between Wilkins and the operation’s alleged primary developer. Prosecutors claim the conversations included discussions about purchasing a remote access trojan (RAT) for $10,000 and planning cryptocurrency wallet “draining campaigns” aimed at tricking victims into approving malicious transactions.
Authorities say they later traced Bitcoin transactions connected to the alleged scheme to purchases made through Bitrefill, where cryptocurrency was reportedly used to buy more than 150 digital gift cards, primarily for Uber Eats.
Following a subpoena to Uber, investigators determined that the gift cards were linked to an account used for deliveries to addresses associated with Wilkins, including his residence and university housing.
FBI Search Leads to Arrest
Federal agents executed a search warrant at Wilkins’ North Lauderdale home last week, where they seized multiple electronic devices along with three cryptocurrency wallet seed phrases.
According to the complaint, one of the recovered seed phrases belonged to a Monero wallet. Investigators noted that Monero’s privacy-focused design can make cryptocurrency transactions significantly more difficult to trace.
Authorities also allege that Wilkins’ cryptocurrency transaction history showed approximately $382,000 in digital asset transfers, although the complaint does not state that the full amount was linked to stolen funds.
Wilkins was arrested on Tuesday and has been charged with conspiracy to obtain information by computer for private financial gain, an offense carrying a maximum prison sentence of 10 years if convicted.
His attorney had not publicly commented on the allegations at the time of publication.
Background
The arrest follows an FBI public appeal issued in March 2026 seeking information from users who had downloaded malware-infected Steam games. The titles listed in that appeal match several games identified in the criminal complaint.
Valve, the company behind Steam, has removed multiple games linked to the investigation from its platform over the past year, including PirateFi, after they were found to contain malicious software.
What the Case Highlights
The case underscores the growing threat of malware targeting cryptocurrency users through seemingly legitimate software. Rather than relying solely on phishing websites or fraudulent wallet applications, attackers are increasingly embedding malicious code inside downloadable programs that appear harmless.
For cryptocurrency holders, the investigation serves as another reminder to verify the legitimacy of software downloads, enable strong account security measures, and remain cautious of unsolicited recommendations shared through social media and messaging platforms.