Cancer-stricken streamer遭遇 "Steam malicious game" attack! $32,000 cancer treatment fundraising瞬間被盜

A streamer who is currently battling stage four cancer had their live stream interrupted when they opened the Steam game "BlockBlasters," and the $32,000 in crypto assets raised was stolen by hackers within minutes. Investigations revealed that the game was hiding a trojan that steals crypto wallets, resulting in at least 261 accounts being hacked, with total losses exceeding $150,000. This incident not only exposed serious vulnerabilities in Steam's platform security review but also serves as a warning to crypto asset users.

The Tragedy of a Cancer-Affected Streamer: Fundraising for Treatment Stolen During Live Broadcast

(Source: Youtube)

Streamer RastalandTV (real name Raivo Plavnieks) is facing the most difficult challenge of his life - stage four cancer. To raise the expensive treatment costs, he relies on the kindness of his viewers, successfully raising about 32,000 dollars in Crypto Assets through the Pump.fun platform.

However, fate played a cruel joke on this live streamer who had already suffered from illness. During a regular live broadcast, RastalandTV opened the game "BlockBlasters" on the Steam platform at the request of the audience. This game has an "extremely positive" rating, and many viewers also enthusiastically recommended it, looking completely fine.

But within just a few minutes of the game running, hackers silently invaded his encryption Wallet and transferred away the hard-earned $32,000 treatment fund. By the time RastalandTV realized what had happened, it was too late—the transaction on the blockchain was irreversible, and his hopes were shattered in an instant.

"BlockBlasters": The Shift from Legitimate Gaming to Malicious Trojans

The investigation by security researchers revealed the meticulous planning process behind the attack. "BlockBlasters" was initially launched legally on the Steam platform on July 30, and the initial version contained no malicious code. The game successfully passed Valve's review process and even received positive feedback from players.

However, on August 30, a month later, the developers pushed what seemed like a normal update, but in fact, it concealed multiple malicious programs:

· Batch file: Automatically execute malicious commands

· Python backdoor: allows remote control of the victim's computer

· StealC Reward Carrier: A malicious program specifically designed to steal Crypto Assets.

These malicious codes quietly scan the player's computer in the background while the game is running, looking for saved credentials and encryption wallet files in the browser. Once the target is discovered, it immediately sends the information to the attacker, allowing them to swiftly transfer the victim's crypto assets.

This incident exposed serious vulnerabilities in the security review mechanism of the Steam platform, especially regarding insufficient monitoring of updates for games that have already been listed.

The "Verification" seal of Valve is misleading

Valve has always used the "Verified" badge for Steam Deck compatibility as a guarantee of product quality. However, this incident reveals a harsh truth: these badges only represent that the gaming experience meets standards, and do not include any security testing.

What is even more concerning is that the Steam platform seems to lack an effective monitoring mechanism for subsequent updates of games that have been launched. The malicious update of "BlockBlasters" was not taken down until September 21st, having been live since August 30th, during which hundreds of users were harmed. This nearly month-long response delay is undoubtedly a serious security risk for a global gaming platform with hundreds of millions of users.

Experts call for improved security measures

Security experts point out that the Steam platform needs to establish a more完善 security mechanism, especially for the review of game updates:

Update Sandbox: Test the update content in an isolated environment before official release.

Code fingerprint comparison: Establish an automated system to detect potentially malicious code in updates.

Increase manual review: Conduct manual examination of suspicious updates to prevent automated system oversights.

These measures can help the platform intercept malicious updates before they are officially released, protecting user security.

The Security of Crypto Assets: The Double-Edged Sword of Irreversible Transactions

This incident also highlights the risks of the irreversibility of Crypto Assets transactions, especially in highly sensitive scenarios such as fundraising.

Pump.fun platform and the risks of Crypto Assets fundraising

The Pump.fun platform allows creators to quickly issue tokens to raise funds, providing a convenient channel for those in urgent need of funding, such as RastalandTV. However, the high volatility of crypto assets and the anonymity of their flow also pose significant risks.

Once an external Wallet is hacked, it is difficult for the platform and law enforcement agencies to recover the stolen funds. The immutability of the blockchain—this characteristic regarded as an advantage of Crypto Assets—becomes a nightmare for victims in such cases.

Precise Attack of Hackers

The attackers demonstrated a high level of professionalism, specifically targeting accounts holding multi-chain assets, emptying the victims' Bitcoin (BTC), Ethereum (ETH), and Solana (SOL) among various tokens in one go.

Security experts analyze that attackers are not only familiar with the operation mechanisms of various encryption Wallets, but also proficient in on-chain fund flow tracing and money laundering techniques, making the possibility of recovering stolen funds extremely low.

The warmth of the community and systemic challenges

The tragedy of RastalandTV has drawn widespread attention and sympathy within the encryption community. After learning of this news, cryptocurrency opinion leader Alex Becker quickly took action, directly transferring the equivalent of $32,000 in crypto assets to RastalandTV to help him recover his losses.

This spontaneous spirit of mutual assistance showcases the warm side of the crypto community, but it also highlights a harsh reality: systemic risks cannot be fundamentally resolved through individual acts of kindness. Without stronger platform security measures and user education, similar tragedies will continue to recur.

Self-protection measures for individual users

In the face of this threat, crypto assets users need to take stricter security measures to protect their assets:

Use an offline cold Wallet: Store most assets in a hardware Wallet that is not connected to the internet.

Layered fund management: Diversifying funds across multiple Wallets to avoid putting all your eggs in one basket.

Regularly backup your private keys: Ensure that you can recover your assets even if the device is damaged.

Be cautious when downloading software: especially applications that need to interact with your Wallet.

Use dedicated devices: Consider using equipment specifically designed for Crypto Assets trading to avoid mixing with everyday entertainment.

Conclusion: Warnings of the Digital Age

The tragedy of RastalandTV has sounded the alarm for all digital citizens: convenience and risk always go hand in hand in the digital world. When there are loopholes in platform reviews and encryption transactions are difficult to reverse, users' vigilance and self-protection awareness become particularly important.

For Valve and the Steam platform, this is a severe test. Whether they can establish a stronger security mechanism before the next update will determine the trust of players and investors.

For crypto assets users, this is a painful but necessary reminder: even on the most trusted platforms, it is essential to remain vigilant and take multiple protective measures.

In today's world where digital assets are becoming increasingly popular, security is no longer a responsibility that can be outsourced, but rather a cornerstone that every participant needs to jointly uphold.