Malicious Steam Game ‘BlockBlasters’ Drains $31k From Cancer-Stricken Streamer

This story hit differently – because “verified” doesn’t mean safe

I love Steam because it’s frictionless. That trust is exactly why this one stings: a 26-year-old Latvian streamer, Raivo “Rastaland” Plavnieks, watched $31,189 meant for chemotherapy vanish live on stream after installing a free-to-play 2D shooter called BlockBlasters. The game looked legit, the page looked normal, and it had the kind of signals most of us read as “safe enough.” Then a malicious update turned it into a wallet-draining trap.

• BlockBlasters shipped a late-August update that executed a crypto-stealing payload.
• The malware scraped Steam credentials and drained browser-based wallets in minutes.
• Security researchers tie the same campaign to other victims, totaling $150k+ stolen.
• Valve removed the game; the community rallied to help, but skepticism lingers.

Breaking down what actually happened

Timeline matters here. BlockBlasters arrived on Steam in late July from a studio calling itself Genesis Interactive. On August 30, an update quietly changed the game’s behavior. When Plavnieks downloaded it during his September 21 stream, launching the game kicked off a script chain: a batch file (game2.bat) triggered a VBS loader, which planted a Python backdoor and then ran Block1.exe – a StealC-style infostealer. That cocktail is designed to vacuum up the good stuff: Steam session tokens, browser-stored crypto wallet data from Chrome, Brave, and Edge, and anything else it can get before you blink.

Within minutes, the streamer’s creator fees and wallets were emptied. He says roughly $32,000 disappeared; logs show $31,189 drained almost instantly. This wasn’t a one-off, either. Security researchers linked the wallet that hit Plavnieks to other victims of the same BlockBlasters build, pushing the total take past $150,000. Valve has since flagged the app as suspicious on SteamDB and pulled it from Steam, but the damage to trust is done.

No, “Verified on Steam” isn’t a security badge

One point of confusion that keeps popping up: the “verified” label some viewers cited likely refers to Steam Deck Verified – a compatibility program. It says the game runs on Deck; it does not audit security. Steam’s scale means curation is mostly automated, and bad actors increasingly abuse post-launch updates to slip in malicious binaries. We’ve been here before — remember Abstractism in 2018 mining crypto on players’ PCs? Same playbook, new tools.

To be fair, no storefront can promise perfect safety when a developer controls executable updates. But Valve could absolutely raise the bar: stronger automated malware scanning, behavioral sandboxing before updates go live, quarantining apps that spawn scripts (BAT/VBS) or sideload interpreters at runtime, and clearer UX that Deck Verified is not a trust seal. Gamers assume “it’s on Steam, it’s safe.” Attackers are betting on that assumption.

Compassion, skepticism, and the crypto mess in the middle

Plavnieks had been fundraising through a memecoin ($CANCER) on Pump.fun to cover treatment for a stage 4 sarcoma. After the theft, crypto Twitter rallied — the token reportedly spiked ~3,000%, and influencer Alex Becker pledged $32,500 to offset the loss. It’s humanity at its best colliding with crypto at its weirdest. Predictably, some called it a stunt because Pump.fun has a reputation for pump-and-dump churn. But the wallet analysis tying this theft to other BlockBlasters victims makes the “it was staged” theory look flimsy. If you’re inclined to doubt, at least doubt the right target: the malicious update pipeline that made this possible.

As gamers, we’ve got to navigate two truths: yes, memecoins attract grifters; and yes, malware authors love that chaos. The fix isn’t victim-blaming — it’s better platform defenses and better personal opsec.

What gamers need to do right now

• Don’t treat “popular,” “new,” or Deck Verified as security signals. They aren’t.
• Keep real money off your gaming rig. Use a separate device for finance; if you must use a PC wallet, make it a hardware wallet and store seeds offline.
• Avoid browser-based hot wallets on your main PC. Extensions are prime targets for StealC variants.
• Sandbox unknown downloads. Windows Sandbox or a throwaway VM beats blind trust, especially for new F2P titles from unknown publishers.
• Lock down scripts. Block .bat/.vbs by default via Software Restriction Policies or use a standard (non-admin) Windows account for gaming.
• Enable Steam Guard and keep your email 2FA’d. It won’t save a drained crypto wallet, but it can blunt account hijacks and trade theft.
• Watch for weird behavior post-update: command windows flashing, unexpected installers, or requests for elevated permissions — quit and investigate.

Why this matters beyond one stream

Games are a perfect delivery system for modern malware: huge audience, frequent updates, and a trust halo. The BlockBlasters incident isn’t just a heartbreaking anecdote; it’s a reminder that our hobby is now a high-value threat surface. If Steam tightens its update pipeline and communicates clearer security expectations, it sets a standard other stores will follow. If not, we’ll see more drive-by drains disguised as pixel art platformers.

TL;DR

A malicious update to a Steam game, BlockBlasters, drained ~$31k from Latvian streamer Rastaland’s chemo fund by deploying a StealC-style infostealer. Researchers tie it to a broader campaign over $150k. Valve pulled the game, the community rallied, but the real takeaway is simple: Deck Verified isn’t a security badge, and your gaming PC shouldn’t be your bank.