Gate News message, April 20 — Cloud development platform Vercel confirmed a security incident on Sunday (April 19) in which hackers gained access to internal systems, stealing employee data, customer data, and sensitive credentials. The breach poses a significant risk to the Web3 ecosystem, as many crypto projects use Vercel to host their front-end interfaces.
Vercel’s investigation revealed the breach originated from a third-party AI tool called Context.ai, which was being used by one of its employees. The tool’s Google Workspace OpenAuth application was compromised, allowing attackers to broaden access to Vercel’s systems and potentially impact hundreds of users across multiple organizations. The platform warned that unprotected environment variables used by deployments could be exposed and recommended users review and change any environment variables not marked as sensitive.
Shortly after Vercel’s announcement, a user calling themselves ‘ShinyHunters’ posted on the cybercrime marketplace Breachforums, claiming to have breached Vercel and offering to sell stolen data—including access keys, source code, database data, and API keys—for $2 million. The attacker also shared personal information on Vercel employees and screenshots of internal dashboards. In separate Telegram messages, the attacker claimed to be in contact with Vercel regarding a $2 million ransom demand.
Vercel CEO Guillermo Rauch confirmed the incident on X, stating that the company had engaged incident response experts and notified law enforcement. Vercel said only a limited subset of customers were impacted and that its services remain fully operational.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
