Valve has alerted Steam users to a compromised build of the game BlockBlasters that was used to steal cryptocurrency from players. The title has been removed from the Steam store. Users who launched the game recently are urged to perform immediate security checks to limit potential loss of digital assets.
Malicious update on Steam: how BlockBlasters was weaponized
According to Valve’s notice and corroborating community reports, BlockBlasters was considered safe until 30 August 2025. After that date, an update delivered a malicious component designed to exfiltrate crypto funds. This indicates the attackers abused the game’s update channel—a common form of supply chain attack—which is particularly dangerous because it can compromise already installed copies without additional user action.
Known impact: losses and victim counts
A high‑profile case involved streamer Raivo Plavnieks (RastalandTV), who reported losing $32,000 in donations after installing BlockBlasters. The incident drew wider attention from the gaming and security communities.
Blockchain investigator ZachXBT estimates that at least $150,000 was stolen from 261 Steam users. Threat research collective VXUnderground observed similar activity patterns and cited 478 potential victims, suggesting the campaign’s reach may be broader than initially assumed.
Attack vector: targeted social engineering via X
Researchers note that victims appeared to be selected deliberately. Adversaries reportedly used X (formerly Twitter) to identify users associated with significant crypto holdings and sent direct messages inviting them to test or promote the game. The presence of the title on Steam likely reduced suspicion, combining social engineering with platform trust to lower victims’ guard.
Valve’s recommendations and immediate containment steps
If you launched BlockBlasters after 30 August 2025
Valve advises performing a full antivirus scan, reviewing recently installed or suspicious applications, and seriously considering a clean operating system reinstall to eradicate any persistent components. Even brief system compromise can expose private keys and seed phrases, leading to ongoing risk of asset theft.
Additional digital hygiene is recommended: apply OS and browser updates, remove unknown extensions, rotate passwords and enable 2FA, and move funds to new wallets with seed phrases stored offline. If you used software wallets, regenerate keys and transfer assets to new addresses, ideally secured by a hardware wallet.
How to spot risky Steam games and update behavior
Red flags include requests to install components outside Steam, excessive permission prompts, unexpected update behavior, and unusual network activity. Check developer history, community feedback, and patch cadence for anomalies. Treat unsolicited DMs inviting you to test or promote titles with caution—especially if your crypto holdings are public or easily inferred.
Expert analysis: security lessons for gamers and crypto holders
This case underscores that mainstream distribution platforms—while valuable—do not guarantee safety. Abusing update mechanisms remains a favored tactic because it leverages existing trust and bypasses user skepticism. A layered defense is essential: apply the principle of least privilege, keep endpoints patched, and segregate high‑value crypto activity from everyday gaming systems.
Practical measures include application allow‑listing, monitoring for indicators of compromise, and maintaining offline backups of wallet seeds. Influencers and organizations approached for promotions should verify outreach via independent channels and refrain from executing binaries without vetting.
BlockBlasters is a timely reminder to adopt a zero‑trust mindset toward game updates and influencer outreach. If you could be affected, act now: scan your system, consider a clean rebuild, rotate credentials and wallet seeds, and transfer funds to secured destinations. Vigilance and layered controls remain the most effective defense against Steam malware and cryptocurrency‑theft campaigns.
