WEBVTT

00:00.000 --> 00:06.680
So today we're talking about a stage four cancer patient who pretty much just wanted

00:06.680 --> 00:12.560
some creator fees from his meme coin to pay for his cancer treatment.

00:13.020 --> 00:16.260
And what happened next kind of shows both the

00:17.120 --> 00:22.620
cruelest side of cyber crime that exists and kind of the most beautiful response

00:23.400 --> 00:29.460
from the internet when good people decide to actually fight back.

00:30.000 --> 00:33.420
I think it also shows the power that exists in the collective.

00:33.920 --> 00:36.880
It was smaller than a tennis ball basically.

00:37.720 --> 00:42.480
The lump started growing on my back it started becoming bigger and bigger

00:43.260 --> 00:49.480
and it started already pressing on some of my nerves inside my uh leg spine

00:50.440 --> 00:56.520
so I couldn't walk I couldn't do anything and because in lot we it was minus 20 degrees

00:57.000 --> 00:59.000
I was also extra sensitive

01:01.120 --> 01:06.140
like it has stopped to growing for the first time it doesn't like

01:08.940 --> 01:14.260
I can't explain to you guys the feeling that it hasn't given me during the nights like

01:15.160 --> 01:20.880
imagine that 24 December I fly to my country I

01:23.180 --> 01:28.580
I met my family everything was fine I was playing with like my mom's dog

01:29.070 --> 01:34.680
with my brother stuff like that and three days later I was tied to bed for

01:36.220 --> 01:39.320
how much it is almost 10 months.

01:39.780 --> 01:44.500
And this is a departure from the typical stuff that I tend to talk about on this channel

01:44.500 --> 01:48.860
but I do think that it's important the good people that are actually out there

01:48.860 --> 01:55.380
now rastlin tv his cancer token on pump fund generates creator fees

01:55.820 --> 02:02.180
that basically fund his treatment after his family went bankrupt in December of 2024

02:02.580 --> 02:08.260
from his medical costs and his brother javado sorry if I mispronounce your name dude but

02:08.880 --> 02:14.240
they really desperately needed every dollar like they could possibly get their hands on

02:14.800 --> 02:22.940
first survival and on September 20th of 2025 while rastlin tv was actually broadcasting live

02:22.940 --> 02:28.900
an unknown individual ended up contacting him with what seemed like a legitimate opportunity

02:28.900 --> 02:37.480
and they offered him financial compensation to basically play a steam demo of a game called

02:37.480 --> 02:44.200
block blasters and don't go actually looking for this game it's not what you actually think

02:44.200 --> 02:52.680
on the outside it looks like a free to play game that's listed on steam under app id 3872350

02:52.680 --> 02:59.040
for a dying man that's struggling to try and pay for cancer treatment any income really looked

02:59.960 --> 03:05.880
kind of like hope and the attackers had done their homework in this case they had reached out

03:05.880 --> 03:13.000
to him and they knew about his financial desperation they had studied his medical condition they

03:13.000 --> 03:20.240
attract his streaming schedule and they crafted their offer specifically to exploit his specific

03:20.240 --> 03:26.240
dire circumstances knowing exactly how desperate he actually was for any source of income

03:26.240 --> 03:32.880
this was absolutely a targeted psychological warfare opera social engineering whatever you

03:32.880 --> 03:40.280
call it and it had really really profound and devastating results he ended up downloading

03:40.280 --> 03:46.600
the executable directly from steam during his live broadcast and he ran it immediately

03:47.540 --> 03:55.100
because he trusted valves platform and this is a great lesson for anyone out there who

03:55.100 --> 04:00.400
actually does this he had absolutely no reason at the end of the day to suspect any kind of

04:00.400 --> 04:08.600
malware whatsoever from steams supposedly curated marketplace that exists right i mean i think we

04:08.600 --> 04:15.460
all feel that way and the game appeared legitimate it was listed on the official platform that

04:15.910 --> 04:21.660
literally millions of users trust every day for things like safe downloads and the malware

04:21.660 --> 04:28.320
basically activated instantly as soon as he ran it block blasters was actually a crypto

04:28.320 --> 04:35.460
drainer that was specifically engineered to target browser based wallets like phantom and

04:35.460 --> 04:42.040
soul flare and the malicious code ended up scanning his installed browser extensions it

04:42.040 --> 04:49.480
identified crypto wallet software and it extracted private keys from his local storage and within

04:49.480 --> 04:58.280
minutes approximately 32 000 in his creator fees for his cancer meme coin vanished from his wallet

05:13.740 --> 05:19.460
the crypto funds moved immediately through predictable laundering patterns that we usually see

05:19.460 --> 05:26.200
the drainer basically transferred everything to an okay excellent wallet and basically liquidated

05:26.200 --> 05:33.300
the cryptocurrency virtually instantly the entire thing was live stream was footage that was

05:33.300 --> 05:40.680
captured that showed the kind of devastating moment when this actually happened with him

05:41.280 --> 05:48.000
literally crying out i'm broke now um as a friend i think he was a friend attempted to

05:48.400 --> 05:54.000
try to console him that's happening the crypto for you i understand this can be

05:54.000 --> 05:59.160
very difficult because that money normally can help you for a lot of things in your life

06:02.380 --> 06:03.720
but it's not the end okay

06:08.780 --> 06:10.440
you're such a brave person

06:14.080 --> 06:23.080
i am i'm broke and i'm no i'm i'm sorry guys

06:25.840 --> 06:32.960
and this is like a dying man watching like an old dying man either like a young man

06:32.960 --> 06:39.920
who's dying um literally watching his medical funds stolen in real time

06:40.500 --> 06:47.600
while broadcasting to an audience that included his own brother who he had already sacrificed

06:47.600 --> 06:52.020
everything his brother had already sacrificed everything to try to keep him alive and thieves

06:52.020 --> 07:02.300
had specifically chosen basically to torture this dying man in order to extract his cancer

07:02.300 --> 07:07.800
treatment money which really shows the nature of the beast that we're dealing with out there

07:07.800 --> 07:14.360
the psychological impact on him was absolutely immediate and he was crushing the 32 000 represented

07:14.360 --> 07:20.780
his life it was literally like seeing your life be taken from you for that organization is

07:20.780 --> 07:27.200
probably pocket change right for this organized cyber crime op they're basically parasites who

07:27.200 --> 07:35.520
had used his hope against him and stolen the funds that he needed to live and they elected to

07:35.520 --> 07:42.240
inflict this maximum level of human suffering but then something really extraordinary began to happen

07:42.240 --> 07:49.820
the internet started to become self aware so to speak word spread through the crypto community as

07:49.820 --> 07:59.020
as a whole kind of faster than any government response would have defied downson who had known

07:59.920 --> 08:06.200
rastilon tv for years immediately began trying to coordinate support efforts and the community

08:06.200 --> 08:13.280
understood pretty much immediately what had actually happened and kind of started mobilizing resources

08:13.280 --> 08:17.860
without actually waiting for you know institutional help because they knew it wasn't coming or

08:17.860 --> 08:25.880
any kind of like bureaucratic approval which if you me and you got to watch my content

08:25.880 --> 08:33.620
regularly that part of the story alone is pretty much to me really what makes this whole story

08:33.620 --> 08:39.840
worth telling is people having self-sufficiency in their own communities it's absolutely amazing

08:39.840 --> 08:47.020
zss becker or alex becker stepped up with the first as far as i know the first really

08:47.020 --> 08:52.740
massive gesture when he donated thirty two thousand five hundred to actually replace the

08:52.740 --> 09:00.000
stolen funds he basically covered the entire loss and then some for whatever extra treatment costs

09:00.000 --> 09:07.740
actually existed and easy eats bodega contributed another ten thousand on top of that while sold

09:07.740 --> 09:14.880
jakey and other crypto personalities basically began spreading the word and organizing additional

09:14.880 --> 09:22.600
support across all of their networks that they had a rastilon tv successfully executed a community

09:22.600 --> 09:32.900
takeover to redirect future creator rewards to secure devices and wallets that he had so his new

09:32.900 --> 09:41.340
wallet address is here it'll also be listed in the pin comment below but basically the community

09:41.340 --> 09:47.720
immediately began buying cancer tokens on top of everything else and this was specifically to

09:47.720 --> 09:54.380
generate more creator fees for his actual treatment pushing the market cap to six hundred and thirty

09:54.380 --> 10:01.860
two thousand through pure solidarity and this is a really cool story because it's not like a rug

10:01.860 --> 10:08.300
poll we see so many of those it's so gross it's like the the disgusting hoe hop to a girl rug

10:08.300 --> 10:13.740
pulling people then acting like a victim later on this is one where like people actually contribute

10:13.740 --> 10:20.720
willingly and it's it's a really it's just it's a it's kind of a beautiful story right um and i

10:20.720 --> 10:25.560
know this kind of sounds lame but it really kind of is in my opinion um and if any of you

10:25.560 --> 10:32.660
were kind of watching this who were born in the 80s like this kind of thing might kind of sound

10:32.660 --> 10:37.880
familiar to you right for those of you who are younger than that believe it or not like the

10:37.880 --> 10:44.500
internet actually used to be a fairly community driven place much more than it is now where

10:44.500 --> 10:51.100
it's predominantly echo chambers of anger and and would not um nowadays basically we see a lot of

10:51.100 --> 10:57.540
sniping out there in terms of like people taking shots at each other on social media and i'm absolutely

10:58.220 --> 11:05.460
one that's you know kill to you this a hundred percent uh but like back in the day in in my

11:05.460 --> 11:11.120
opinion there was a lot more togetherness uh even with the internet being as decentralized

11:11.920 --> 11:17.060
as it is with people all around the world i think that one of the best ways i've ever

11:17.060 --> 11:22.580
heard this kind of nostalgic internet actually described was in Edward Snowden's book and when

11:22.580 --> 11:29.100
i hear stories like this really it kind of immediately brings me back to those early days of

11:29.100 --> 11:34.000
the internet where not every single thing was monetized like you can't even watch a review

11:34.000 --> 11:41.120
anymore like the review for the product will have ads and it's just like it's absolutely insane um

11:42.520 --> 11:50.360
anyways while the crypto community was replacing his stolen funds the real hunters were gearing

11:50.360 --> 11:56.400
up right uh they were just getting started and when i say hunters i like don't mean the loser

11:56.400 --> 12:03.760
thieves who actually researched him and and ended up robbing him i mean like the people that

12:03.760 --> 12:09.540
are out there that in my opinion are worth their weight in gold are some of the best

12:09.540 --> 12:15.360
ones that actually exist that's when i say hunters that we mean a vx underground who is

12:15.360 --> 12:21.640
basically the cyber security collective that maintains the internet's largest malware connect

12:21.640 --> 12:29.640
collection um immediately began reverse engineering the attack and this was in fact who i originally

12:29.640 --> 12:37.480
had heard this story from and within hours over 50 malware researchers osin specialists and

12:37.480 --> 12:44.920
cyber security professionals had actually mobilized for a coordinated decentralized investigation

12:45.920 --> 12:53.160
how badass is that right like essentially the thieves had just really kicked the wrong hornet's

12:53.160 --> 12:59.960
nest um and these researchers worked completely independently of corporations and governments

12:59.960 --> 13:04.900
they hunt predators like this on kind of a regular basis because they refuse to watch

13:04.900 --> 13:09.640
innocent people get destroyed dcy i said that there's some of the best people out there

13:09.640 --> 13:15.780
right i think that was a fair description um anyone actually willing to stand up for

13:16.520 --> 13:23.020
like the innocent or the people that are defenseless in my opinion are the ones that

13:23.020 --> 13:29.520
we should be trying to elevate because those are the people that make us as a human species

13:29.520 --> 13:36.420
just better quality altogether anyways the actual technical analysis really revealed

13:36.420 --> 13:43.720
kind of the crude but effective nature of the actual attack block blasters used python and

13:43.720 --> 13:50.060
bat files likely generated through something like chat gbt or a generic train as a service

13:50.060 --> 13:55.720
platform these losers had basically hired a developer on telegram to create the games

13:56.360 --> 14:04.440
facade right showing how kind of commercialized uh and accessible really targeted malware

14:04.440 --> 14:11.180
distribution has become and for all of you out there sending me pdfs and sending me winks

14:11.180 --> 14:18.440
and email um this is why i don't click anything this is like everything's containerized uh

14:18.440 --> 14:24.360
anyways side issue the malware researchers though credit to them like quickly identified

14:24.360 --> 14:32.640
specific file signatures the bot component for example had a certain hash and the game to

14:32.640 --> 14:39.640
executable um another specific hash and they also discovered a fake virus total user named

14:39.640 --> 14:46.040
zombie bunny who had actually attempted to try to legitimize the malware through false negative

14:46.040 --> 14:52.380
reports that they had actually submitted the oscent specialists went to work tracking these

14:52.380 --> 14:59.560
thieves on across multiple platforms and they analyzed the attack infrastructure through steam

14:59.560 --> 15:06.700
accounts telegram channels and cryptocurrency wallet addresses and basically the thieves had

15:06.700 --> 15:11.840
made a more than a few critical operational security mistakes that basically allowed

15:11.840 --> 15:18.980
researchers to track their footprints back to their real world identities and within the span

15:18.980 --> 15:26.520
of like a couple hours of the actual attack the investigators had actually identified the criminals

15:26.520 --> 15:36.600
they had they had traced them back to telegram and and um steam identities uh to a few individuals

15:36.600 --> 15:43.740
that were in argentina with more allegedly in the united states on a visa and the malware analysis

15:43.740 --> 15:49.560
team basically extracted all the victim data from the trainer infrastructure they identified every

15:49.560 --> 15:56.160
person who had been targeted by the same malware campaign um and they prepared notifications

15:56.580 --> 16:02.980
for other potential victims and flagged all the malware samples across security platforms

16:03.480 --> 16:10.160
their goal was basically in preventing future attacks while also gathering evidence about past

16:10.160 --> 16:21.060
ones now this brings us to steam's response which demonstrated just the absolute worthlessness of

16:21.840 --> 16:28.480
institutional security promises to a large degree um and the ability for trust to be

16:28.480 --> 16:35.660
exploited fairly easily with things like that and despite receiving over 100 user complaints

16:35.660 --> 16:44.440
about this malicious game valve's removal process moved at like a snail's pace or even worse a

16:44.440 --> 16:51.900
bureaucratic speed while real users actually suffered real financial damage continually

16:51.900 --> 16:58.260
and the game remained available for download while independent researchers did the actual work of

16:58.260 --> 17:06.480
trying to protect users from these thieves and the volunteer research army basically achieved

17:06.480 --> 17:12.100
results that no corporate security team or government agency could really match in terms

17:12.100 --> 17:18.060
of speed and agility and they shared malware signatures across the entirety of the security

17:18.060 --> 17:22.860
community they documented the attack they showed the patterns for future prevention

17:22.860 --> 17:28.640
and uh they kind of created actionable intelligence that other researchers could

17:28.640 --> 17:35.480
really use immediately um and this kind of voluntary collaboration between skilled individuals

17:35.480 --> 17:42.900
really proved more effective than any kind of institutionalized cyber security response that

17:42.900 --> 17:47.780
would have charged a ridiculous amount for um and been half as effective and that's because

17:47.780 --> 17:55.300
their heart was in it really um and all of this kind of ended up really leading researchers to

17:55.300 --> 18:02.780
discover similar malware threats in steam um specifically the steam workshop uh for games

18:02.780 --> 18:10.240
like city skylines revealing abuse of vows platform for things like malware distribution

18:10.240 --> 18:18.160
and the workshop system allows what's user generated content with even less oversight than

18:18.160 --> 18:25.000
the main game catalog which really creates this kind of massive attack surface for thieves criminals

18:25.000 --> 18:32.740
whatever um and throughout the years i've heard a ton of arguments against piracy with

18:33.180 --> 18:40.760
the vast majority of those arguments being that when you when you buy a game as opposed to

18:42.560 --> 18:46.420
download a copy of it i don't call it stealing and that there's a whole another

18:46.420 --> 18:54.440
thing uh not that i pirate anything i don't pirate anything i would not pirate anything um because

18:58.320 --> 19:05.400
yeah anyways the biggest argument that i tend to hear in regards to piracy is malware

19:06.010 --> 19:12.520
well they put malware in the in pirated software and it's like not a lie it's true that does happen

19:14.600 --> 19:20.880
but to me like that was one of the largest driving principles for people to actually

19:20.880 --> 19:35.660
purchase games with that going it's anyways anyways in any case back to rastlin tv um he

19:35.660 --> 19:41.660
basically recovered from the immediate technical damage and emotional damage obviously catastrophic

19:42.400 --> 19:49.440
any security system properly and plan to continue his streaming which is awesome that's

19:49.440 --> 19:53.980
awesome that he got back up on that bike um his go fund me actually remains active

19:53.980 --> 20:01.040
for those who prefer those kind of traditional donation methods um and the combination of

20:01.610 --> 20:08.060
the kind of rapid response from the crypto community and that kind of conventional fundraising

20:08.770 --> 20:14.960
that we also see in in platforms now kind of really showed how decentralized and

20:15.500 --> 20:21.900
centralized systems can in a way kind of complement each other which is very cool

20:21.900 --> 20:28.780
like it's it's yet another factor that you kind of makes the story a great story in my opinion um

20:28.780 --> 20:34.900
and the scumbags that actually thought that they could torture this cancer patient and disappear

20:36.120 --> 20:41.420
anonymously backfired so like all in all i would say like the real lesson really kind of

20:41.420 --> 20:48.860
transcends cryptocurrency and cyber security for that matter like at the core we really have to

20:49.400 --> 20:59.000
remember that the humanity that exists that much of the time is still behind that keyboard

20:59.000 --> 21:04.540
there's still a human behind there right when we see these institutions fail repeatedly to protect

21:04.540 --> 21:11.740
people which is absolutely the norm nowadays it's really amazing to see voluntary communities of

21:11.740 --> 21:18.820
talented people can still succeed through rapid coordination anger kind of specialized

21:18.820 --> 21:25.540
expertise steam security has proven itself to be absolutely worthless law enforcement i would

21:25.540 --> 21:33.300
argue is on par with steam security they're going to be absolutely worthless and useless hopefully

21:33.300 --> 21:37.860
i'm wrong about that they actually because i don't think it's right that anyone gets robbed

21:37.860 --> 21:42.340
especially someone in that position law enforcement probably won't do anything about it

21:42.340 --> 21:48.480
mainly because they have sheeple to ride speeding tickets to and soft extort it's a lot easier than

21:48.480 --> 21:55.520
tracking people down and actually solving real crimes but it was cool to see community action

21:55.520 --> 22:02.920
provided actual help to the victim and actual consequences for the attackers through this

22:02.920 --> 22:09.380
kind of exposure and investigation and innovation of everyone coming together a dying man basically

22:09.380 --> 22:15.760
got robbed by parasites who specifically targeted his cancer treatment money and within hours the

22:15.760 --> 22:21.160
internet's most skilled researchers had pretty much hunted down these douchebags who had stolen

22:21.160 --> 22:26.960
these funds and in doing that they protected other potential victims and these attackers

22:26.960 --> 22:33.400
kind of chose their victim thinking that this dude was going to be weak and desperate and that

22:33.400 --> 22:40.060
makes him an easy target and while they were right about that they discovered that instead of

22:40.060 --> 22:45.500
targeting someone the community cares about that actually makes you a really big target

22:45.500 --> 22:53.160
for the people people that are far more dangerous than they were or any government agency was

22:53.160 --> 22:57.540
for that matter I would argue more capable too because they actually got the job done in like a

22:57.540 --> 23:03.140
day all right so in any case thanks for watching to the end guys I really appreciate your support

23:03.140 --> 23:04.740
and I'll see you in the next video