A malicious patch deployed on August 30, 2025 has transformed a legitimate Steam game into a weapon for stealing cryptocurrency wallet data, browser credentials, and sensitive user information in one of the most brazen supply chain attacks targeting the gaming community this year.
BlockBlasters, a 2D platformer available on Valve’s Steam platform, pushed update Build 19799326 on August 30 that contained hidden malware capable of harvesting cryptocurrency wallet files, browser-stored passwords, and Steam login credentials from infected machines. The attack went undetected for days before cybersecurity researchers identified the malicious payload embedded within the game’s update mechanism.
The Exploit Mechanics
The attackers compromised the game’s update pipeline and injected a backdoor directly into the patch distribution system. When users downloaded what appeared to be a routine game update, the malware silently installed itself alongside the legitimate game files. The payload specifically targeted cryptocurrency wallet directories, scanning for popular wallet dat files including Bitcoin Core, Electrum, and various ERC-20 compatible wallet configurations stored on the local machine.
Once executed, the malware established a connection to a command-and-control server and began exfiltrating sensitive data including browser cookies, saved passwords, and autofill form data from Chrome, Firefox, and Edge browsers. The stolen credentials were then transmitted to attacker-controlled infrastructure, potentially giving threat actors access to cryptocurrency exchange accounts, decentralized application sessions, and private key material stored in software wallets.
Affected Systems
The scope of the attack extends beyond individual gamers. The malicious Build 19799326 affected all Steam users who had automatic updates enabled and had BlockBlasters installed on their systems. Windows machines were primarily targeted due to the default storage locations for most cryptocurrency wallet software. Users running hardware wallets such as Ledger or Trezor were largely protected, as private keys never touch the computer’s file system.
With Bitcoin trading at approximately $108,800 and Ethereum near $4,374 on the date of the attack, the potential financial damage from compromised wallets is significant. Even a single exposed private key could result in losses ranging from hundreds to millions of dollars depending on the wallet balance.
The Mitigation Strategy
Steam removed the malicious build from its platform within hours of the discovery, and Valve issued an advisory urging all BlockBlasters players to scan their systems with updated antivirus software. Cybersecurity researchers published indicators of compromise including file hashes, registry modifications, and network communication patterns associated with the malware.
Users who had the infected build installed should take immediate action: run a full system malware scan using updated definitions, change all passwords stored in browsers, revoke any API keys or session tokens that may have been exposed, and most critically, transfer any cryptocurrency from software wallets that were accessible on the infected machine to new wallets with fresh private keys.
Lessons Learned
This incident underscores the growing intersection between gaming platforms and cryptocurrency theft. As more gamers hold digital assets, game distribution channels become attractive targets for supply chain attacks. The BlockBlasters case demonstrates that even legitimate software platforms like Steam can be weaponized when a single developer account or build pipeline is compromised.
The attack also highlights the importance of hardware wallets for anyone holding significant cryptocurrency values. Unlike software wallets that store private keys on a computer’s hard drive where malware can access them, hardware wallets keep private keys isolated on a dedicated secure element that no software-based attack can extract.
User Action Required
If you installed BlockBlasters Build 19799326 or had automatic updates enabled between August 30 and September 8, 2025, assume your system was compromised. Immediately scan your machine, change all critical passwords, and move cryptocurrency holdings to fresh wallets. For future protection, consider using a dedicated machine or virtual environment for gaming that is separate from any device used to access cryptocurrency wallets or financial accounts.
Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Always conduct your own research and consult with security professionals regarding threat mitigation.
a 2D platformer on Steam harvesting wallet dat files. imagine losing your Bitcoin savings because you updated a game lol
auto-updates are a double edged sword. thousands of Steam users had zero idea their game was stealing from them for days
steam auto-updates are on by default and valve isnt going to security audit every patch for every game. this attack surface is massive and its going to keep happening
imagine losing your life savings because you clicked update on a platformer. this is why hardware wallets exist. software wallets on a gaming PC is just asking for trouble
clipboard hijackers swapping crypto addresses + browser credential theft in the same payload. these attacks keep getting more layered
supply chain attacks targeting gamers specifically for their crypto wallets is a new level. valve needs better review processes for updates
Valve cant review every update for every game. they have thousands of titles. the real fix is OS-level crypto wallet protection not store-level review
os-level wallet protection is the right call but nobody uses it. ledger live integration is clunky and most gamers keep funds in metamask on the same machine they game on
build 19799326 went undetected for days. how many steam games pushed updates in that window that nobody checked? this could be happening right now on other titles