Federal agents arrested 21-year-old Zyaire Dontaevious Zamarion Wilkins in Florida on July 14, alleging that he helped operate a malware campaign hidden inside video games distributed through Steam. The federal complaint says the conspiracy ran from May 2024 through February 2026, infected about 8,000 customer devices and gained unauthorized access to approximately 80 cryptocurrency wallets, causing at least $220,000 in losses. What appeared to be ordinary entertainment allegedly functioned as a delivery system for financial theft. Wilkins faces one count of conspiracy to obtain information by computer for private financial gain, though the allegations remain unproven in federal court proceedings.
Malware Campaign Combined Games With Targeted Outreach
Investigators allege Wilkins financed and procured malicious software from a primary developer, then helped promote infected titles through Discord, Telegram, X and LinkedIn. The complaint describes eight games used as delivery vehicles, including BlockBlasters, Dashverse, Lunara and PirateFi, names also listed by the FBI in its public request for Steam malware victims. Conspirators allegedly used bots to identify people with sizable cryptocurrency holdings and send targeted messages encouraging downloads. The campaign appears to have combined mass distribution with selective social engineering. That combination is unsettling because a legitimate storefront can create trust while personalized outreach supplies the final persuasive push.
After installation, the malware allegedly collected private data and credentials that could unlock cryptocurrency accounts. Seized Signal messages showed Wilkins, using the handle “Sibel.eth,” discussing draining campaigns with the developer and methods for tricking victims into authorizing transactions that would empty wallets instantly. Agents also allege he purchased a remote-access Trojan for $10,000, suggesting the operation involved both credential theft and direct device control. The alleged scheme exploited the moment when gaming software gains unusually broad access to a user’s computer. For crypto holders, that access can expose browser sessions, wallet applications and secrets capable of bypassing ordinary account protections.
Blockchain Tracing Connected Crypto to Everyday Spending
Investigators say blockchain tracing helped connect the online identity to Wilkins. Cryptocurrency from a wallet associated with the operation allegedly reached Bitrefill, where it purchased more than 150 gift cards, predominantly for Uber Eats. A subpoena linked those cards to an account receiving deliveries at Wilkins’ University of West Florida addresses and his South Florida home. The trail moved from pseudonymous transactions to ordinary consumer spending. During a July 8 search of the North Lauderdale residence, agents seized multiple devices and three wallet seed phrases, including one for Monero. The complaint says Wilkins sent or received approximately $382,000 in cryptocurrency.
The FBI’s Seattle Division is still seeking people who installed BlockBlasters, Chemia, Dashverse or DashFPS, Lampy, Lunara, PirateFi or Tokenova during the period identified in its Steam malware investigation. Potential victims may qualify for services, restitution and statutory rights. The case exposes how trusted distribution can become part of a targeted crypto attack chain without users recognizing the danger. Wilkins could face up to 10 years in prison if convicted, but the charge is an allegation and he is presumed innocent. The prosecution will now test whether digital evidence, encrypted chats and blockchain tracing establish the conspiracy beyond reasonable doubt.








