A devastating incident unfolded this past weekend when RastalandTV, a Twitch and Pump.fun streamer battling stage‑4 cancer, lost more than $32,000 in crypto funds meant to support his medical treatment. The funds were stolen shortly after he downloaded and played a game called BlockBlasters on Steam, one that had been secretly updated with credential-stealing malware.

RastalandTV had been raising money through Pump.fun, a Solana-based meme coin platform that went live in January 2024. It allows users to easily create and trade tokens, and also supports livestreaming. He used the platform to launch a token called $CANCER, created to help fund his cancer treatment.

On Sunday, September 21, while livestreaming, someone in his Twitch chat suggested he try a game called BlockBlasters. It appeared to be a normal 2D platformer on Steam. But shortly after downloading and running it, his wallet which held over $32,000 in creator fees was emptied.

In a post that quickly went viral on X, he wrote:

"For anybody wondering what is going on with $CANCER live stream… my life was saved for whole 24 hours until someone tuned in my stream and got me to download verified game on @Steam. After this I was drained for over 32,000$ USD of my creator fees earned on @pumpdotfun and everything quickly changed.

The video that accompanied the post showed him breaking down live on stream. 

Within hours, support started pouring in from across the crypto and streaming communities. Incredibly, on that same day, popular crypto influencer Alex Becker (@ZssBecker) replied to RastalandTV with a message of hope and direct financial aid:

"I have sent $32,500 to cover this to your new safe wallet. Best of luck to you my friend. <3 @rastalandTV"

By Monday, September 22, RastalandTV followed up with a heartfelt thank you:

"Hello everybody! I wanted to take a second and just thank you all from the bottom of my heart… Seems like the whole CT rallied together behind my story and is showing support one way or another…"

How the BlockBlasters Malware Infected RastalandTV's Wallet

The game BlockBlasters, developed by Genesis Interactive, first appeared on Steam on July 30, 2025. At launch, it was clean. But on August 30, the game received an update (Build 19799326) which introduced malware. This update silently turned the game into a tool for stealing sensitive data, and it remained active for almost a full month before being removed.

As explained by G Data, the malware was built to steal login credentials, wallet keys, and browser passwords. According to GBHackers, a script named game2.bat triggered the infection. It scanned the user's PC for antivirus software, gathered Steam account info, and sent it to a command-and-control server located at 203.188.171.156:30815.

The infection didn't stop there. Two scripts (launch1.vbs and test.vbs) then activated further processes. One installed a Python-based backdoor (Client-built2.exe), while another deployed a powerful stealer tool called Block1.exe, based on the StealC malware family. This tool scraped browser data like autofill credentials and saved passwords, and then sent them to 45.83.28.99.

To avoid detection, the malware altered Microsoft Defender settings to exclude the game's folder. From there, it operated silently, all while the player was busy playing what appeared to be a normal indie game.

Data from SteamDB shows the infected version of the game had been downloaded over 100 times. For RastalandTV, that one download cost him everything he had earned from the $CANCER token.

Widespread Fallout

Well-known onchain sleuth ZachXBT called out Steam's failure to act sooner:

"You clowns allow malware on your platform that has resulted in $150K+ stolen from victims (fake game has been available to download for more than a month)"

He estimated that over 261 accounts had been drained. The vx-underground research group suggested the number of affected users may be closer to 478, with total losses now beyond $150,000.

Steam has since taken BlockBlasters down and marked the game as "suspicious" on SteamDB. But by that point, the damage had already been done. On Steam's discussion forum for the game, a user named A Temu Vape issued a strong warning:

"A streamer played this game and had 30k stolen from their cancer treatment funding. There is a .bat file that disables antivirus software and looks for crypto wallets and stored passwords. Do. Not. Download. This. Game."

Ongoing Questions

The identity of the attacker behind the BlockBlasters malware is still unconfirmed. Some OSINT accounts on X have claimed that a Telegram account tied to immigration data and network logs could be linked to someone named Valentin Lopez. However, these claims are not verified, and Valentin Lopez has denied any involvement.

Law enforcement agencies have not yet confirmed any suspects, though researchers have shared logs, malware samples, and network data with authorities.

This Isn't the First Case

This isn't the first time malware has appeared in a Steam game. In July 2025, Chemia, a survival crafting game from Aether Forge Studios, was pulled from Steam after it was discovered to be spreading malware tied to a group called EncryptHub. That malware included HijackLoader, Vidar Stealer, and Fickle Stealer, which together stole browser info and crypto wallet data from users. It even used Telegram as a command system to control the malware remotely.

In a separate case, another Steam title, PirateFi, was also found to carry malware. 

Valve's Silence and the Verified Label Confusion

So far, Valve has not issued any official comment about the BlockBlasters breach. Many users assumed the game had gone through security checks because it was labeled "Verified" on Steam. Per Tom's Hardware, that Verified badge only confirms compatibility with Steam Deck. It says nothing about a game's safety or code integrity.

Still, trust in Valve's vetting process has taken a hit. More users are now calling for stronger checks, especially for indie games and updates that introduce new files after launch.

As for RastalandTV, the crypto and gaming community stepped in to help him rebuild. Thanks to direct help from Alex Becker, who sent $32,500 on the same day, and support from the Pump.fun team and fellow creators, he was made financially whole, but the emotional toll lingers.

The incident, broadcast live, served as a painful reminder of how digital threats can have real consequences. For many watching, it was more than just a hack. It was a cry for help, one that, thankfully, didn't go unheard.