Tech Brew Ride Home - Fri. 05/16 – Bribing Is The Oldest Form Of Hacking

Episode Date: May 16, 2025

Epic Games and Apple are still having beef over app store rejections. Coinbase got hacked with the oldest attack vector there is: bribery. Meta’s having problems with its behemoth AI model. New Wind...surf coding suite. New Apple Car Play. And, of course, the Weekend Longreads Suggestions.

Sponsors: FactorMeals.com/ride50off and code RIDE50OFF

Links:
Apple blocks Fortnite’s App Store return as downloads fail in Europe (The Verge)
Coinbase warns of up to $400 million hit from cyberattack (Reuters)
Coinbase Hack Rocks Company That Led Crypto Into Mainstream (Bloomberg)
Meta Is Delaying the Rollout of Its Flagship AI Model (WSJ)
Vibe-coding startup Windsurf launches in-house AI models (TechCrunch)
Next-gen CarPlay, branded CarPlay Ultra, starts rolling out today (9to5Mac)

Weekend Longreads Suggestions:
I let lasers power my smart home — and I don’t want to go back (The Verge)
The Popular Alternative - The State of A24 (Dirt)

Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco. Hey, who did this to you? What happened next turned the story into a political firestorm. Reports have identified the victim as Bob Lee, the founder of Cash App. From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16. Welcome to the Techmeme Ride Home for Friday, May 16th, 2025. I'm Brian McCullough. Today, Epic Games and Apple are still having beef over App Store rejections. Coinbase got hacked with the oldest attack vector there is: bribery. Meta's
Starting point is 00:00:48 having problems with its Behemoth AI model, new Windsurf coding suite, new Apple CarPlay, and of course the Weekend Longreads Suggestions. Here's what you missed today in the world of tech. Epic Games says that Apple rejected its latest Fortnite submission to the U.S. App Store and the game on iOS will be offline worldwide until Apple unblocks it, according to Epic. Quoting The Verge. Following the rejection, Fortnite is no longer available on iPhones and iPads even in the European Union, where it had previously been available to download through the Epic Game Store.
Starting point is 00:01:27 Apple has blocked our Fortnite submission so we cannot release to the U.S. App Store or to the Epic Game Store for iOS in the European Union, the company posted on the official Fortnite X account. Now, sadly, Fortnite on iOS will be offline worldwide until Apple unblocks it, end quote. The Verge has confirmed that the game is no longer available to download on iOS from the Epic Game Store or the alternative marketplace AltStore PAL in the EU, where it had previously been available. It's not yet clear if Apple blocked the game's availability through those stores or if Epic itself chose to make it unavailable. We've reached out to both Apple and Epic for comment.
Starting point is 00:02:04 Fortnite returned to iOS in the EU last year, but only through those two storefronts and not Apple's App Store. The return was made possible by the EU's Digital Markets Act, which required Apple to allow third-party app stores on iOS. Epic had resubmitted Fortnite to the U.S. App Store this month following a recent ruling in Epic's lawsuit against Apple. That ruling prohibited Apple from restricting developers' ability to link to external payment systems, one of the issues that had started their long-running legal battle. Epic was forced to use its EU developer account to resubmit the game, as its U.S. account was terminated in 2020 when it first broke Apple's rules by introducing its own in-app payments to the game. This week, Epic CEO Tim Sweeney announced that the company had pulled its previous Fortnite submission and submitted a new version that included an update due to release today, noting that, quote, all platforms must update simultaneously. He's since taken to X repeatedly to complain that unofficial Fortnite knockoffs have been allowed into the App Store while Fortnite
Starting point is 00:03:04 hasn't, claiming that Apple's app review process has been, quote, weaponized by senior management, end quote. So one big story I missed yesterday that I want to snag is that Coinbase got hacked. Coinbase had to divulge that hackers accessed data of what they are calling a small subset of users, though not their credentials, and that they expect to incur $180 to $400 million in costs on account of remediating this. But they also want you to know that they refused to pay a $20 million ransom. Quoting Reuters. The company received an email from an unknown threat actor on May 11, claiming to have information about certain customer accounts as well as internal documents. While some data, including names, addresses, and emails was stolen, the hackers
Starting point is 00:03:56 did not get access to login credentials or passwords, Coinbase said. It would, however, reimburse customers who were tricked into sending funds to the attackers. Hackers had paid multiple contractors and employees working in support roles outside the U.S. to collect the information. The company has fired those involved, it said. Separately, the U.S. Securities and Exchange Commission has begun scrutinizing whether Coinbase had misstated its user figures, two sources familiar with the matter told Reuters. The agency had also been interested in whether any inaccurate user data could indicate the company had inadequate know-your-customer compliance that is required of firms registered with the SEC, the sources said. A Coinbase spokesperson denied the SEC
Starting point is 00:04:36 was probing the company's compliance with Know Your Customer and Bank Secrecy Act rules, end quote. But what I want to come back to, what I found interesting, is the details of this particular hack. A source is telling Bloomberg that hackers bribed enough Coinbase customer service representatives to achieve effectively on-demand access to Coinbase customer information since January. Quote, while the company says the Coinbase Prime service, that custodies crypto for ETF issuers and services other institutional investors, was not affected, the hackers did have near-constant access to some of Coinbase Global's most valuable customer data since January, according to a person familiar with the incident who asked not to be named discussing company matters. The hackers' scheme was brazen,
Starting point is 00:05:22 if not especially impressive from a technology standpoint. They bribed customer service representatives to steal client data and then demanded a $20 million ransom to delete it. Coinbase began noticing unusual activity from some of these representatives as far back as January, the company confirmed in an interview with Bloomberg News. The bribed reps got access to names, dates of birth, addresses, nationalities, government-issued ID numbers, some banking information as well as details about when customer accounts were created and their balances, the person familiar with the situation said. This information could be used to attempt to impersonate Coinbase and convince customers
Starting point is 00:05:58 to let the hackers into their account. It could also be used to impersonate the victims with other service providers to attempt to convince them to let hackers into other financial accounts they maintain. For some traders with big balances on the exchange, the incident was alarming for reasons that go beyond the potential financial losses, considering the kidnapping and mutilation of a crypto startup co-founder earlier this year and reports of other similar incidents. It's a major breach. The amount of personal information shared is staggering, said Mike Dudas, managing partner
Starting point is 00:06:28 of Web3 firm 6MV, who said he was targeted by the Coinbase hackers. The hackers had bribed enough customer service representatives to achieve effectively on-demand access to Coinbase customer information in the past five months, the person said. Coinbase chief security officer Philip Martin disputed the assertion of near-constant access, saying in an interview with Bloomberg News that the company pulled the agents' access as soon as it was discovered that they were improperly sharing information. Therefore, the hackers, quote, did not have persistent access over the course of the entire period, he said.
Starting point is 00:06:59 What these attackers were doing was finding Coinbase employees and contractors based in India, who were associated with our business process outsourcing or support operations, that kind of thing, and bribing them in order to obtain customer data, Martin said. Coinbase detected the agents, quarantined them, and fired them as soon as the company knows the activity. The hackers had access to this data as recently as Wednesday, the person familiar with the incident said. Martin said, quote, we have no reason to believe that is true at all, but could not, quote, prove a negative. Bloomberg News is aware of one notable high net worth individual's data being accessed, whom Bloomberg is not disclosing for privacy reasons, end quote.
Starting point is 00:07:43 Sources say that Meta has delayed the rollout of its Behemoth LLM, which was internally slated for an April release, now to be released in the fall or later. This comes after struggles to improve its capabilities, apparently, quoting the Journal. Company engineers are struggling to significantly improve the capabilities of its Behemoth large language model, leading to staff questions about whether improvements over prior versions are significant enough to justify public release, the people said. Early in its development, Behemoth was internally slated for an April release to coincide with Meta's inaugural AI conference for developers. Meta put two smaller models in its Llama AI model family ahead of the event, but later pushed an internal target for the larger
Starting point is 00:08:26 Behemoth release to June. Now it's been delayed to fall or later. Meta has previously drawn praise for the speed with which it's caught up to rivals in the global AI arms race, spending billions of dollars along the way to develop the technology that powers chatbots on WhatsApp, Instagram, and Facebook. Meta plans to spend up to $72 billion in capital expenditures this year, much of which will be used to help realize Chief Executive Mark Zuckerberg's grand ambitions for AI. Senior executives at the company are frustrated at the performance of the team that built the Llama 4 models and blamed them for the failure to make progress on Behemoth, according to people familiar with their views. Meta is contemplating significant
Starting point is 00:09:05 management changes to its AI product group as a result, the people said. The Facebook parent has publicly touted the capabilities of Behemoth, saying it already outperforms similar technology from OpenAI, Google, and Anthropic on some tests. But internally, its performance has been hobbled by training challenges, the people said, end quote. Hey devs, heads up. Windsurf has launched SWE1, its first family of software engineering AI models claiming its largest model matches Claude 3.5 Sonnet, GPT4.1, and Gemini 2.5 Pro, quoting TechCrunch. The startup says it trained its new family of AI models, SWE1, SWE1 Lite, and SWE1 Mini, to be optimized for the entire software engineering process, not just coding.
Starting point is 00:10:02 The launch of Windsurf's in-house AI models may come as a shock to some, given that OpenAI has reportedly closed a $3 billion deal to acquire Windsurf. However, this model launch suggests Windsurf is trying to expand beyond just developing applications to also developing the models that power them. According to Windsurf, SWE1, the largest and most capable AI model of the bunch, performs competitively with Claude 3.5 Sonnet, GPT 4.1, and Gemini 2.5 Pro on internal programming benchmarks. However, SWE1 appears to fall short of frontier AI models such as Claude 3.7 Sonnet on software engineering tasks. Windsurf says its SWE1 Lite and Mini models will be available for all users on its platform
Starting point is 00:10:45 free or paid. Meanwhile, SWE1 will only be available to paid users. Windsurf did not immediately announce pricing for its SWE1 models but claims it's cheaper to serve than Claude 3.5 Sonnet. Windsurf is best known for tools that allow software engineers to write and edit code through conversations with an AI chatbot, a practice known as vibe coding. Other popular vibe coding startups include Cursor, the largest in the space, as well as Lovable. Most of these startups, including Windsurf, have traditionally relied on AI models from OpenAI, Anthropic, and Google to power their applications.
Starting point is 00:11:21 In a video announcing the SWE models, comments made by Windsurf's head of research, Nicholas Moy, underscore Windsurf's newest efforts to differentiate its approach. Today, Frontier models are optimized for coding, and they've made massive strides over the last couple of years, said Moy, but they're not enough for us. Coding is not software engineering. Windsurf notes in a blog post that while other models are good at writing code, they struggle to work between multiple surfaces as programmers often do, such as terminals, IDEs, and the internet. The startup says SWE1 was trained using a new data model
Starting point is 00:11:55 and a training recipe that encapsulates incomplete states, long-running tasks, and multiple surfaces, end quote. Apple has rolled out CarPlay Ultra, the next generation of CarPlay, in new and existing Aston Martins in North America after months of delays. But this is way before a wider rollout, which is coming soon. Quoting 9to5Mac. Apple also said Hyundai, Kia, and Genesis are working on adding CarPlay Ultra to their cars
Starting point is 00:12:30 but did not disclose a time frame. CarPlay Ultra integrates vehicle controls with the CarPlay experience, including taking over display of the instrument cluster and gauges, toggles for air conditioning and driver assistance systems, advanced media controls, and more. CarPlay Ultra services all of the screens in the vehicle, not just the primary infotainment display. That includes digital renderings of the speedometer, tachometer, fuel gauge, and more. CarPlay apps like media and navigation can also seamlessly integrate into the instrument cluster. CarPlay Ultra cars also allow for on-screen controls or Siri voice commands to control car features,
Starting point is 00:13:07 like the radio and climate, as well as vehicle-specific features like performance driving modes. Widgets from the iPhone can also be projected on the infotainment display to show glanceable information like calendar or weather. Of course, the big question mark with CarPlay Ultra is availability. A launch with just Aston Martin vehicles is pretty restrictive. In today's press release, Apple announced an expansion of car manufacturers committed to supporting CarPlay Ultra, including Hyundai and Kia. Apple also previously showed renders of what next-gen CarPlay would look like in Porsche vehicles. However, there is no timeline for when CarPlay Ultra will be made available on anything but Aston Martin right now, end quote.
Starting point is 00:13:52 Time for the Weekend Longreads Suggestions. First up, not a long read exactly, but explanation of some cool new tech that I wasn't aware of. Infrared wireless charging. Quoting The Verge. One morning last month, I walked into my kitchen to get a glass of water, but my smart faucet was out of battery. I went to sit down in my front room and the shade was still shut. It was out of battery. I walked down the hall and found a beached robot vacuum out of battery. I headed outside to feed the chickens, unlocking the back door on the way out. The battery-powered smart lock
Starting point is 00:14:26 had done what it was supposed to and automatically locked at 8 p.m. At least something was working. The game changer here is wireless charging, not wireless like putting your phone on a charging pad, wireless like across the room. For the past year, a Wi-Charge transmitter in my ceiling has been shooting infrared lasers at a photovoltaic panel on the specially modified Alfred DB2S smart lock on my back door, keeping its battery hovering at 100%. So I never have to deal with a dead lock when going to feed my chickens. To get this souped-up setup cost around $1,250, required cutting a hole in my ceiling,
Starting point is 00:15:04 and is only available through an early access program. The Wi-Charge-compatible Alfred lock can't be purchased off the shelf. However, despite this extra effort, after a year of living with a wirelessly powered smart lock whose battery I never have to mess with, I want this for everything in my smart home, end quote. And finally today, not tech, but a publication called Dirt has a look at the newfangled movie studios like A24 that are basically the only things winning in Hollywood right now, unless you've got a superhero or two in your pocket. Quote, what we might call peak A24, stretching between 2019 and 2022, began with the Safdie Brothers' Diamond District thriller Uncut Gems,
Starting point is 00:15:48 a nervy and propulsive character study of a gambling addict played by Adam Sandler, who might just win the bet of a lifetime. The September before Uncut Gems' December release in 2019, A24 launched A24 Books, an imprint to showcase with coffee table flair, gorgeous hardcover books that collected scripts, essays, and celebrities like Frank Ocean and literary names, like Carmen Maria Machado and photos from select films. The first releases, Ex Machina, The Witch, and Moonlight. A24's merch, along with a zine tied to new releases, was already
Starting point is 00:16:22 well known, seen as lovingly rendered accompaniments to films that had the confectionary allure of a rare vinyl pressing. The books, which were initially celebrated as deep dives, before later being more clearly labeled as screenplay books, helped to more explicitly lash together a selection of A24 achievements, straightening out the timeline in both directions, a built-in method for enshrining future touchstones legitimized by artsy packaging. In 2022, Stripes LLC, around $70 billion as a fund, led a $225 million equity investment in A24. North of 60% of the people that go to see an A24 movie in a theater go because it's an A24 film, Stripes founder Ken Fox told Bloomberg, invoking the myth of that all-consuming A24 fan who loves Everything Everywhere All at Once or Lady Bird, as much as Waves or White Noise.
Starting point is 00:17:14 They've watched A24 content, and they know that the quality is going to be exceptional and interesting and compelling. Basically, A24 and Disney are the only two companies that test that way. At the end of June 2024, Thrive Capital, a major investor in OpenAI, along with other investing parties, participated in another round of funding to the tune of $100 million and a $3.5 billion valuation. Thrive Capital founder Josh Kushner will sit on A24's board. What is being entertained here is the degree to which a studio can serve as a litmus test for where modern filmmaking is headed. A24 has become both a very telling kind of punching bag, absorbing any number of wider systemic issues and anxieties, and a hero single-handedly rescuing cinema from a swift death. The cavalier flattening of major studio filmmaking, exemplified by the endless resurrection of nostalgia bait IP and corporate overreach, makes it easy to cast doubt on the legitimacy of any studio's artistic intentions, or if the question of making art enters the equation at all. A24 is pointed to as the singular way forward, but the company always wanted to assimilate into the mainstream, just by a less
Starting point is 00:18:22 conventional approach, end quote. Okay, since I gave you part one of the World Cup of Entrepreneurs yesterday, I figured I'd give you part two this weekend as a bonus episode just to put a bow on it. Thanks again to Founder Collective for inviting me to the conference yesterday with tons and tons of fun. Talk to you on Monday.
