Risky Business Podcast

May 21, 2025

Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now

Presented by

Adam Boileau
Adam Boileau

Technology Editor

Patrick Gray
Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • TeleMessage memory dumps show up on DDoSecrets
  • Coinbase contractor bribed to hand over user data
  • Telegram does seem to be actually cooperating with law enforcement
  • Britain’s legal aid service gets 15 years worth of applicant data stolen
  • Shocking no one, Ivanti were weaseling when they blamed latest bugs on a third party library

This week’s episode is sponsored by Prowler, who make an open source cloud security tool. Founder and original project developer Toni de la Fuente joins to talk through the flexibility that open tooling brings. Prowler is also adding support for SaaS platforms like M365, and of course, an AI assistant to help you write checks!

This episode is also available on Youtube.

Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now
0:00 / 53:01

Show notes

TeleMessage - Distributed Denial of Secrets

How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes | WIRED

Coinbase says thieves stole user data and tried to extort $20M

Hack could cost Coinbase up to $400M: filing | Cybersecurity Dive

Severed Fingers and ‘Wrench Attacks’ Rattle the Crypto Elite

Money Stuff: US Debt Rates Itself | NewsletterHunt

2 massive black market services blocked by Telegram, messaging app says | Reuters

Telegram Gave Authorities Data on More than 20,000 Users

GovDelivery, an email alert system used by governments, abused to send scam messages | TechCrunch

ATO warning as hackers steal $14,000 in tax returns: ‘Be wary’

Hack of SEC social media account earns 14-month prison sentence for Alabama man | The Record from Recorded Future News

19-year-old accused of largest child data breach in U.S. agrees to plead guilty

Beach mansion, Benz and Bitcoin worth $4.5m seized from League of Legends hacker Shane Stephen Duffy | 7NEWS

Pegasus spyware maker rebuffed in efforts to get off trade blacklist - The Washington Post

Ransomware attack hits supplier of refrigerated groceries to British supermarkets | The Record from Recorded Future News

UK government confirms massive data breach following hack of Legal Aid Agency | The Record from Recorded Future News

Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities | Cybersecurity Dive

Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)