A free game download became the doorway into dozens of cryptocurrency wallets, according to federal investigators.
Federal agents arrested Zyaire Dontaevious Zamarion Wilkins, 21, of North Lauderdale, Florida, after accusing him of taking part in a video-game malware scheme that infected thousands of devices, according to Local 10.
Investigators said the infected games helped conspirators gain access to about 80 cryptocurrency wallets and steal at least $220,000 between May 2024 and February 2026.
Wilkins was charged with conspiracy to obtain information by computer for private financial gain. The charge is an accusation and has not been proven in court.
The Games Were Used To Deliver Malware, Agents Said
GameSpot reported that Wilkins was accused of helping hide crypto-stealing malware inside games connected to a popular digital distribution platform.
The federal complaint did not name the company directly. The FBI’s Seattle Division, however, has a public victim-information page for what it calls a Steam malware investigation.
The FBI says investigators are seeking people who may have installed games embedded with malware between May 2024 and January 2026. The games listed by the FBI include BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova.
Federal Agents Say About 8,000 Devices Were Infected
According to Local 10, the federal complaint says Wilkins and others launched eight games embedded with malware and infected about 8,000 customers’ devices.
Investigators said the games were promoted through social media and messaging platforms, including Discord, Telegram, X, and LinkedIn.
The scheme did not rely only on people finding the games on their own. Federal agents said conspirators used bots to identify people with large cryptocurrency holdings and send targeted messages encouraging them to download the infected games.
The Malware Went After Credentials and Wallet Access
After victims downloaded the games, investigators said the malware was used to access private data and login credentials.
The conspirators then searched that stolen information for anything that could open cryptocurrency accounts or wallets, according to the complaint quoted by Local 10.
That is what turned a game download into a financial theft case. Federal agents said the malware did not just steal gaming information or damage computers. It helped the group reach crypto wallets and drain money from victims, according to the complaint.
Investigators Linked Wilkins to the Handle “Sibel.eth”
Investigators said Wilkins used the handle “Sibel.eth” on Signal to communicate with an unidentified primary developer, according to Local 10.
Agents described the chats as showing a high level of collaboration between the two. The messages included discussions of “draining campaigns” involving cryptocurrency wallets, according to the complaint.
Investigators also said Wilkins bought a remote access trojan for $10,000, which helped attackers access victims’ systems.
Gift Cards Helped Investigators Trace the Money
Federal agents said they connected the “Sibel.eth” handle to Wilkins by tracing cryptocurrency payments from a scheme wallet to Bitrefill, an online service used to buy digital gift cards.
Investigators said more than 150 gift cards were purchased, mostly for Uber Eats, according to Local 10.
An FBI subpoena to Uber then tied those cards to an account that had deliveries sent to Wilkins’ University of West Florida addresses and to his home in South Florida. That spending trail helped connect the online handle, the crypto transactions, and Wilkins’ real-world locations, according to the complaint.
Agents Searched His North Lauderdale Home
Federal agents executed a search warrant at Wilkins’ North Lauderdale home before his arrest.
Local 10 reported that investigators seized multiple devices and three cryptocurrency wallet seed phrases.
One of those seed phrases was for a Monero wallet, according to the complaint summary. An agent wrote that Monero is often used by cybercriminals because it is harder for law enforcement to trace from source to destination.
Wilkins was arrested July 14 and was scheduled to appear in federal court in Fort Lauderdale the next day. Local 10 reported that the case is being prosecuted in Seattle federal court.
Gamers Should Treat Free Downloads and DMs Carefully
The warning is not only for crypto traders. Gamers, streamers, creators, and anyone with a wallet extension or saved login on a gaming computer can be exposed if malware gets onto the same device.
Players should be careful with free games promoted through direct messages, Discord servers, Telegram channels, X posts, LinkedIn messages, or paid “try this game” offers. A real-looking game page, social post, or download link does not prove the file is safe.
Before installing a game from an unfamiliar developer, users can check the developer history, reviews outside the platform, official website, file behavior, antivirus warnings, and whether the same title has been flagged by the FBI or security researchers.
What To Do if You Downloaded One of the Listed Games
Anyone who installed BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, Tokenova, or another suspicious game should stop using that device for banking, crypto, email, or password changes until it has been checked.
From a clean device, users should change passwords, revoke suspicious wallet approvals, move remaining funds to a new wallet generated on a clean device or hardware wallet, enable two-factor authentication, and review exchange accounts for unfamiliar logins or withdrawals.
Victims should save the game name, download date, Steam ID or platform account, wallet addresses, transaction hashes, Discord or Telegram messages, emails, screenshots, and any financial-loss records. The FBI’s Seattle Division is asking potential victims of the Steam malware investigation to submit information through its victim page.
Crypto theft tied to malware can also be reported to the FBI’s Internet Crime Complaint Center at IC3.gov. Users should be careful with anyone who contacts them afterward claiming they can recover stolen cryptocurrency for an upfront fee, since recovery scams often follow wallet-draining thefts.
