BlockBlasters Steam game scam steals $32K from Twitch streamer

A Shocking Turn of Events

This past weekend, the blockchain gaming and streaming world was rocked by a heartbreaking story. RastalandTV, a Twitch and Pump.fun streamer battling stage-4 cancer, lost more than $32,000 in crypto funds that were meant for his medical treatment. The devastating theft happened live on stream after he downloaded and played what looked like a harmless 2D platformer on Steam called BlockBlasters.

What seemed like an innocent gaming suggestion from chat turned into a life-changing disaster. The game had been secretly updated with malware designed to drain wallets. Within minutes, all the funds raised from his $CANCER token were gone.

Pump.fun and the $CANCER Token

For context, RastalandTV had been using Pump.fun, a Solana-based meme coin platform that launched in January 2024. It allows creators to launch tokens, engage with fans, and even livestream while building their communities. To fund his treatment, he created the $CANCER token — and it quickly gained traction, with supporters rallying behind his fight.

The funds from this campaign, around $32,000, were sitting in his wallet when he clicked “install” on BlockBlasters. Sadly, within moments of launching the game, everything he had raised vanished.

How the BlockBlasters Malware Worked

At first glance, BlockBlasters looked like any other indie title. It was launched on Steam on July 30, 2025, clean and playable. But things changed on August 30, when update Build 19799326 was pushed live. That patch introduced credential-stealing malware that ran silently in the background while players enjoyed the game.

Security researchers later revealed how it worked:

• A batch script (game2.bat) scanned for antivirus software and stole Steam account info.

• Additional scripts (launch1.vbs and test.vbs) installed a Python-based backdoor and deployed a stealer tool called Block1.exe.

• This tool, part of the StealC malware family, scraped wallet keys, browser autofills, and saved passwords before sending them to remote servers.

• To avoid detection, the malware altered Microsoft Defender settings to exclude its own folder.

In other words, the game wasn’t just malicious — it was sophisticated. And unfortunately, over 100 downloads occurred before it was flagged and removed.

Fallout and Community Response

When RastalandTV broke down live on stream, the clip went viral on X (formerly Twitter). Crypto communities and streamers rallied instantly. The most powerful moment came when crypto influencer Alex Becker stepped in. Within hours, he publicly announced he had sent $32,500 to RastalandTV’s new wallet to cover the stolen funds.

His act of kindness sparked even more donations and words of encouragement from fans, fellow creators, and Pump.fun supporters. By the next day, RastalandTV posted a heartfelt thank-you, saying:

This show of solidarity turned a devastating hack into a reminder of how resilient and generous online communities can be.

Steam’s Role and Ongoing Questions

Of course, this incident raises serious concerns about Steam’s vetting process. Onchain investigator ZachXBT criticized Valve directly, pointing out that malware had been live for weeks and had already drained over $150,000 in total from players across hundreds of accounts.

Even worse, many users assumed the game was safe because it carried a “Verified” label. But as tech outlets clarified, that badge only confirms a game runs properly on Steam Deck — it has nothing to do with safety or code reviews.

Valve has since removed BlockBlasters and marked it as suspicious, but the silence from the company has left many uneasy. For players who hold crypto or sensitive data on their machines, the risks are very real.

Other Malware Incidents on Steam

Sadly, BlockBlasters isn’t an isolated case. Steam has had multiple titles sneak in malicious code in recent years. In July 2025, Chemia, a survival crafting game, was pulled after distributing malware tied to EncryptHub. Around the same time, PirateFi was also found to contain wallet-draining malware.

For gamers and creators active in blockchain games, this trend highlights the need for extra caution. Always verify downloads, keep wallets on hardware devices where possible, and never assume that a “Verified” Steam game is automatically safe.

Lessons for the Blockchain Gaming Community

This incident is more than just a cautionary tale — it’s a wake-up call. As blockchain gaming continues to grow, the overlap between traditional gaming platforms and Web3 wallets is becoming a prime target for attackers.

Here are some practical takeaways for players and creators:

• Separate wallets: Keep gaming funds in a separate wallet from long-term holdings.

• Use cold storage: Hardware wallets protect against most malware attacks.

• Be skeptical: Even “verified” games can carry hidden risks.

• Stay updated: Follow trusted security researchers and community alerts.

• Back up securely: Always store private keys and seed phrases offline.

  
  

A Story of Hope Amid Hardship

While RastalandTV’s experience was devastating, it also showcased the strength of the crypto and streaming communities. The immediate rally of support — both financial and emotional — ensured that he could continue his fight against cancer without losing the progress he had made.

Incidents like this remind us that blockchain gaming isn’t just about tokens, wallets, or digital assets. It’s about real people, their struggles, and the communities that stand behind them. And as much as attackers may try to exploit the system, solidarity and resilience remain the most powerful defense.