Florida Man Arrested in $220,000 Steam Malware Scheme Targeting Crypto Wallets
Federal agents traced stolen Bitcoin spent on Uber Eats gift cards to unmask a cybercrime suspect.

Federal law enforcement has arrested a 21-year-old Florida resident, accusing him of participating in a sophisticated cybercrime ring that hid crypto-stealing malware inside seemingly legitimate online video games. The scheme, which ran from May 2024 to February 2026, compromised thousands of computers and drained hundreds of thousands of dollars from unsuspecting cryptocurrency investors.

According to a 15-page federal complaint filed in the U.S. District Court for the Western District of Washington, Zyaire Dontaevious Zamarion Wilkins of North Lauderdale, Florida, was arrested on Tuesday. He faces a charge of conspiracy to obtain information by computer for private financial gain—a federal offense that carries a maximum penalty of 10 years in prison.
The prosecution is being handled in Seattle, situated near the Bellevue, Washington, headquarters of Valve Corporation, the owner of Steam. While the official complaint refers to the targeted platform only as a popular digital distribution software company, the specific titles named in the document—including PirateFi, BlockBlasters, Dashverse, and Lunara—match those flagged in an active malware investigation by the FBI’s Seattle field office.
Games as Trojan Horses
Between May 2024 and February 2026, the conspiracy successfully launched eight malware-infected games, infecting roughly 8,000 devices. Once installed, the malicious software harvested private credentials, session cookies, and system data, allowing the conspirators to breach approximately 80 cryptocurrency wallets and steal at least $220,000.
To find victims, the group did not rely on passive downloads. Instead, they deployed automated bots across social media and messaging platforms, including Discord, Telegram, X (formerly Twitter), and LinkedIn. These bots were programmed to identify social media profiles associated with high-value digital asset holdings. Once a target was identified, the conspirators initiated contact, encouraging them to download and test the games.
Behind the scenes, investigators allege that Wilkins operated under the Web3-style pseudonym “Sibel.eth.” Using the encrypted messaging application Signal, Wilkins allegedly coordinated with an unidentified “primary developer” to orchestrate their draining campaigns—cyberattacks designed to trick users into signing malicious smart contract transactions that instantly empty their non-custodial wallets. To facilitate the intrusions, Wilkins reportedly purchased a remote access trojan for $10,000, giving the group deep access to infected operating systems.
The Paper Trail: From Blockchain to Uber Eats
While public blockchains like Bitcoin offer pseudonymous transactions, they also provide a permanent, immutable ledger that law enforcement can analyze. Federal agents successfully unmasked Wilkins by tracing the stolen Bitcoin from the group’s primary deposit addresses to Bitrefill, a popular platform that allows users to purchase real-world gift cards using cryptocurrency.
The conspirators used the platform to buy more than 150 digital gift cards, primarily for the food delivery service Uber Eats. Federal investigators issued a subpoena to Uber, which revealed that the gift cards were redeemed by an account registered to Wilkins. The delivery records showed multiple orders dispatched directly to Wilkins’ primary residence in North Lauderdale, as well as to student housing addresses at the University of West Florida in Pensacola, where he was enrolled.
When federal agents executed a search warrant at his North Lauderdale home, Wilkins exercised his right to remain silent and refused to speak with investigators. However, the physical search yielded critical digital evidence. Agents seized several electronic devices along with three cryptocurrency wallet seed phrases. One of these seed phrases was for Monero, a prominent privacy-focused cryptocurrency that utilizes advanced cryptographic techniques to obscure sender, receiver, and transaction amounts. Law enforcement officials frequently note that Monero is highly favored by cybercriminals due to its resistance to traditional blockchain analytics. A forensic review of Wilkins’ broader financial activity revealed approximately $382,000 in cryptocurrency moving through his controlled addresses.
A Growing Threat to the Gaming Community
The arrest of Wilkins marks the first public criminal charge stemming from a broader FBI investigation launched in March, when federal authorities urged gamers who had downloaded suspicious Steam titles to come forward.
The malicious games often bypassed initial security screenings by appearing as fully functional, legitimate indie titles. For example, PirateFi, which was marketed as a free-to-play multiplayer survival game, managed to attract roughly 7,000 players before Valve removed it from the Steam store and advised affected users to completely reformat their hard drives.
The financial and emotional toll of these attacks was highlighted last September during a live broadcast. A video game streamer raising money for cancer treatment had $32,000 stolen mid-stream after launching the malicious game BlockBlasters. That single title is estimated to have stolen over $150,000 from hundreds of players. The threat remains active; just last month, cybersecurity researchers identified malicious code embedded within Steam Workshop wallpapers, proving that bad actors continue to target the intersection of gaming and digital assets.
Wilkins made his initial appearance in a Fort Lauderdale federal court on Wednesday. A schedule for his extradition to Washington state to face the conspiracy charge has not yet been finalized.








