FBI probes coordinated malware in Steam games — if it ties one actor, Valve will be under pressure to change vetting
The FBI’s Seattle Division has opened a public investigation into multiple Steam games that embedded malware to steal cryptocurrency and hijack accounts between May 2024 and January 2026. The agency is asking anyone who installed the affected titles to submit incident details and victim information while it investigates a likely coordinated campaign exploiting Steam’s release and update processes.
Which titles and how the FBI is collecting reports
The FBI named several infected games (BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova) and is inviting victims to complete an official online form describing losses, account compromises, and promotional contacts. The notice comes from the Seattle Division and asks respondents to provide transaction traces, wallet addresses, and the dates they installed or updated the games; the FBI says responses will remain confidential and may be used for follow-up interviews.
How the malware worked inside otherwise normal game builds
Investigators found two classes of malicious code in the affected titles: cryptodrainers that siphoned funds directly from wallets, and information stealers that exfiltrated browser cookies, credentials, and private keys. Analysts attributed infections to known families such as Vidar and the loader HijackLoader, and noted a recurring pattern in which clean initial releases later received updates that introduced the malicious payload. In one high-profile instance, BlockBlasters’ update reportedly enabled a cryptodrainer that blockchain analysis links to roughly $150,000 in theft across hundreds of accounts, including a $32,000 loss during a streamer’s cancer fundraiser.
Why Steam’s distribution model made this feasible
Valve removed the offending titles after the FBI inquiry became public and posted user guidance — advising affected players to run antivirus tools and, in extreme cases, reinstall their OS — but the platform’s scale complicates prevention. Steam sees more than 20,000 new game releases a year and relies on a relatively small moderation team, which makes tracking malicious changes pushed in updates difficult and creates an operational vulnerability attackers can exploit with low-cost publishing and affiliate promotion.
| Game | Observed malware | Notable impact / timing |
|---|---|---|
| BlockBlasters | Cryptodrainer | ~$150,000 stolen; $32,000 loss during Twitch fundraiser |
| Chemia | HijackLoader, Vidar | Credential and wallet-key theft reported |
| PirateFi | Vidar | Removed from Steam after ~one week |
| Dashverse / DashFPS, Lampy, Lunara, Tokenova | Cryptodrainers / info stealers (varies) | Installed/updated between May 2024–Jan 2026, per FBI |
Practical checkpoints: what investigators and platforms are watching next
The investigation is now at two clear checkpoints that will determine next steps: whether the FBI can attribute the campaign to a single threat actor or group, and whether Valve will adopt more rigorous pre- and post-release monitoring. The FBI’s public statement emphasizes collecting victim data now, which would support eventual criminal charges if technical and financial traces lead to an identifiable operator; for Valve, any finding of coordinated abuse tied to the platform could pressure the company into automated scanning, stricter update controls, or funding larger moderation teams.
Short Q&A
How should affected users respond? Follow the FBI’s Seattle Division form, preserve wallet transaction data and logs, change passwords, and run up-to-date anti-malware scans; Valve has also recommended reinstalling the OS in severe cases.
What evidence will matter most? Wallet addresses, transaction traces, timestamps of game installs/updates, and any promotional contacts or affiliate links tied to the game publishers — those are the items the FBI’s form specifically requests.
When will we know if there are prosecutions or policy changes? Attribution and prosecution timelines can take months to years; the nearer-term public checkpoint is whether the FBI names suspects or files charges, and whether Valve announces concrete changes to vetting, monitoring, or update controls in its developer policy.
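
Added example, not part of the original article or the FBI notice: one way to record when a named title was last updated on a machine, which is one of the evidence items listed above. It assumes Steam's per-game appmanifest_*.acf files in a library's steamapps folder, with quoted name, appid and LastUpdated fields; the function names are hypothetical and the sample manifests are constructed.

```python
import re
from datetime import datetime, timezone
from pathlib import Path

# Titles named in the FBI notice, as listed in this article (normalized).
NAMED_TITLES = {"blockblasters", "chemia", "dashverse", "dashfps",
                "lampy", "lunara", "piratefi", "tokenova"}

# Assumption: manifests are Valve KeyValues text, one quoted "key" "value" pair per line.
PAIR = re.compile(r'^[ \t]*"([^"]+)"[ \t]+"([^"]*)"[ \t]*\r?$', re.MULTILINE)

def parse_manifest(text):
    """Map each key to its first value; nested sections are not modelled (simplification)."""
    fields = {}
    for key, value in PAIR.findall(text):
        fields.setdefault(key.lower(), value)
    return fields

def evidence_record(text, source="<inline>"):
    """Return an evidence dict if the manifest belongs to a named title, else None."""
    f = parse_manifest(text)
    name = f.get("name", "")
    if re.sub(r"[^a-z0-9]", "", name.lower()) not in NAMED_TITLES:
        return None
    ts = f.get("lastupdated", "")
    # LastUpdated is treated as Unix epoch seconds; anything else is reported as unknown.
    updated = (datetime.fromtimestamp(int(ts), tz=timezone.utc).isoformat()
               if ts.isdigit() else None)
    return {"source": source, "appid": f.get("appid"), "name": name,
            "last_updated_utc": updated}

def scan_library(steamapps_dir):
    """Read-only pass over a steamapps folder; returns records for named titles only."""
    records = []
    for path in sorted(Path(steamapps_dir).glob("appmanifest_*.acf")):
        text = path.read_text(encoding="utf-8", errors="replace")
        rec = evidence_record(text, str(path))
        if rec:
            records.append(rec)
    return records

# Constructed sample manifests (app ids and timestamps are made up).
SAMPLE_HIT = '"AppState"\n{\n\t"appid"\t\t"1000001"\n\t"name"\t\t"PirateFi"\n\t"LastUpdated"\t\t"1738800000"\n}\n'
SAMPLE_MISS = '"AppState"\n{\n\t"appid"\t\t"1000002"\n\t"name"\t\t"Some Other Game"\n\t"LastUpdated"\t\t"1738800000"\n}\n'

if __name__ == "__main__":
    for sample in (SAMPLE_HIT, SAMPLE_MISS):
        print(evidence_record(sample))
```

The scan only reads files, so it can be run before any cleanup or OS reinstall and its output saved alongside the wallet transaction data.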

