BlockBlasters Cryptodrainer

A gamer raising funds for cancer treatment suffered a devastating loss of $32,000 after downloading a seemingly legitimate Steam game, highlighting the growing risks of malware targeting the cryptocurrency community.

BlockBlasters: From Retro Fun to Crypto Threat

BlockBlasters, a 2D platformer developed by Genesis Interactive, was available on Steam between July 30 and September 21. Initially a safe free-to-play game, it gained several hundred 'Very Positive' reviews for its retro aesthetics, responsive controls, and fast-paced action.

However, on August 30, a malicious cryptodrainer component was secretly integrated, transforming the game into a tool for stealing cryptocurrency from unsuspecting players. The game has since been removed from Steam.

The High-Profile Incident

The malware was discovered during a live fundraising stream by a gamer battling stage 4 high-grade sarcoma. The streamer had also launched a GoFundMe campaign, which at the time of reporting had reached 58% of its goal.

Despite community support, the gamer revealed losses exceeding $32,000 due to the cryptodraining functionality embedded in the verified Steam title. Some members of the crypto community have stepped forward to assist in covering the loss.

Scope of the Attack

Investigations indicate that the attackers targeted multiple victims:

  • Crypto investigators reported $150,000 stolen from 261 Steam accounts.
  • Other sources claim 478 victims, providing a list of usernames and urging immediate password resets.

Targets were allegedly identified through Twitter, where they were noted for managing substantial cryptocurrency holdings. They were then lured with invitations to try out BlockBlasters.

Malware Mechanics and Exploits

A team of researchers examined the attack and found:

  • A dropper batch script that checks the victim's environment, steals Steam login credentials, collects IP addresses, and uploads data to a Command-and-Control (C2) server.
  • The use of a Python backdoor and a StealC payload to exfiltrate sensitive information.
  • Operational security failures by the attackers, including exposed Telegram bot code and tokens.

Unconfirmed reports suggest the threat actor may be an Argentinian immigrant residing in Miami, Florida.

A Pattern on Steam

BlockBlasters is not an isolated case. Earlier in the year, the following Steam games were all found to contain malware targeting unsuspecting gamers:

  • Chemia: Survival Crafting
  • Sniper: Phantom's Resolution
  • PirateFi

These incidents underline a recurring trend of malicious developers exploiting small or niche games.

Protective Measures

If you have installed BlockBlasters, it is crucial to:

  • Reset your Steam passwords immediately.
  • Move digital assets to new wallets.

As a general rule, exercise caution with Steam titles that:

  • Have low download counts or limited reviews.
  • Are in beta or early development stages, which may hide malware payloads.

Vigilance is essential to protect both personal and financial information in the gaming and cryptocurrency ecosystems.
