A Steam “Game” Drained a Streamer’s Wallet Live — What This Says About Store Safety

The Steam malware incident that hit different

This one punched me in the gut. Dennis “rastalandTV” Zirkler, a streamer currently undergoing cancer treatment, says he lost more than $32,000 in crypto live on stream after installing a Steam game called Block Blasters. Minutes after booting it, his wallet was allegedly drained. The “game” has since been pulled from Steam. Valve hasn’t commented.

We’ve seen dodgy uploads slip through Steam before, but the human stakes here make it impossible to shrug off as just another shovelware scare. And the details matter: security researchers posted evidence the build contained a script hunting for browser credentials and crypto wallets. Meanwhile, parts of the audience questioned the streamer’s story because the funds were tied to a risky memecoin platform. That skepticism is fair in the crypto mess we live in-but the technical breadcrumbs look ugly.

Key takeaways

• Block Blasters appears to have shipped on Steam with credential-scraping code; it was removed only after damage was done.
• Streamers are uniquely vulnerable to “install it live!” dares, making platform vetting more than a checkbox exercise.
• Crypto-adjacent users are prime targets; hot wallets on your gaming PC are a massive risk.
• Valve needs better pre-publish scanning and clearer trust signals; players need stricter hygiene right now.

Breaking down what happened

According to Zirkler, “For anybody wondering what is going on with my live stream… someone got me to download a verified game on Steam. After this I was drained for over $32,000 of creator fees.” The “verified” bit is telling-Steam doesn’t have a global safety badge beyond Deck Verified, but average users read “on Steam” as “safe enough.”

Security folks quickly poked the executable. vx-underground shared a screenshot and asked, “Why does this video game contain a .bat file that looks for your browser credentials and crypto wallets?” That’s not normal for anything shipping through a reputable store. Community sleuths also claimed the receiving wallet was tied to another streamer hit by the same “game,” which suggests coordination rather than a one-off grab.

There’s controversy, sure. Some viewers noted the funds came via pump.fun, a platform famous in crypto circles for wild pump-and-dumps. But even if you dislike where the money came from, it doesn’t excuse a malicious build slipping through a storefront that dominates PC gaming. The personal tragedy and the technical red flags can both be true at once.

Steam’s curation problem (again)

I’ve covered Steam’s quality control rollercoaster since the Greenlight-to-Direct transition. The store is incredible at scale and terrible at certainty; when you let almost anyone publish for a small fee, you get creativity, asset flips, and sometimes outright malware. This isn’t unprecedented. Remember 2018’s Abstractism flap, where a tiny platformer was accused of cryptomining and item scams before getting booted? Valve tends to act decisively after the fact. The question is always: could the platform have prevented it before players got burned?

In this case, the presence of a batch file probing browser data and common wallet directories should’ve set off alarms. Static analysis isn’t perfect, but basic heuristics can flag suspicious patterns: credential access, token-stealing routines, unexpected shell scripts inside Unity/Unreal builds, or attempts to enumerate AppData paths. Add behavior checks in a sandboxed environment and most smash-and-grab stealers get caught.

Valve doesn’t need to turn Steam into iOS, but a few moves would help: robust pre-publish malware scanning (with transparent criteria), heightened review for first-time publishers, stronger identity verification, and a visible warning system for titles that request elevated privileges or ship with executable scripts outside the engine’s norm. Also, retire the fuzzy “it’s on Steam so it must be fine” aura-because it isn’t.

What gamers and streamers should do right now

• Separate machines: keep your crypto, banking, and password vaults off your gaming/streaming PC. If that’s impossible, at least segregate with separate Windows accounts and no saved browser creds.
• Use hardware wallets and cold storage. A hot wallet on a streaming rig is target practice.
• Sandbox first-run games. Windows Sandbox, a throwaway VM, or a cloud PC can catch suspicious behavior before it touches your real system.
• Kill the pressure installs. Set a policy: no “chat dared me” downloads. Queue requests, vet them offline, and only then install.
• Harden the OS: enable SmartScreen, keep Defender real-time protection on, and avoid whitelisting random folders. Don’t run unknown .exes with admin rights.
• If you’re hit: disconnect, revoke token approvals, rotate passwords, nuke-from-orbit reinstall, and assume browser-stored creds are compromised.

And for the rest of us: stop trusting review brigades. Block Blasters reportedly sported fake positive reviews to look legit. Check store age, publisher history, and community flags before clicking Install—especially if money lives on that machine.

Looking ahead

This incident won’t be the last. As more games touch wallets, marketplace items, or external accounts, the line between “game” and “attack surface” blurs. Valve’s silence might be standard PR practice, but players deserve a postmortem: what slipped, what’s changing, and how similar uploads will be blocked tomorrow—not weeks later.

I’m rooting for Zirkler to recover funds and, more importantly, his health. But I’m also done pretending Steam’s openness comes without cost. If the world’s biggest PC store can’t keep obvious stealers out, we have to play like it’s a zero-trust environment.

TL;DR

A Steam-listed “game” allegedly drained a streamer’s crypto live via credential-stealing scripts. The title’s gone; Valve hasn’t commented. Until store vetting improves, treat new installs like potential malware—especially if your wallet or saved logins live on your gaming PC.