Cloud hosting platform Vercel hacked! "DEX frontends" and "crypto wallet interfaces" at risk of tampering and theft

📄Full Article· Automatically extracted by trafilaturaGemini 翻譯1407 words

Author: HIBIKI, Crypto City Cloud hosting platform Vercel hacked, widely used by crypto projects The cloud hosting and deployment infrastructure platform Vercel has confirmed that some of its internal systems were subjected to unauthorized access, affecting a small number of customers. Vercel provides services such as serverless functions, edge computing, and CI/CD pipelines. It is also known for developing the widely used React framework Next.js, and many blockchain and cryptocurrency projects rely on Vercel to deploy their front-end interfaces. Vercel CEO Guillermo Rauch posted on the social platform X, explaining that the hack was caused by an issue with the third-party AI tool Context.ai. A Vercel employee's Google Workspace account was compromised during a data breach at the AI platform, and the attacker subsequently used the account's permissions to gain access to Vercel's internal environment. All customer environment variables on Vercel are fully encrypted at rest, and the platform also provides a feature to designate variables as non-sensitive. The hackers obtained unencrypted, non-sensitive environment variables through enumeration. Hackers demand $2 million ransom for stolen data A report by the cybersecurity media outlet Bleepingcomputer stated that a member claiming to be from the hacker group ShinyHunters posted on the hacking forum BreachForums, claiming to have obtained Vercel's internal data and demanding a $2 million ransom from the official team. The stolen data displayed by the hackers includes access keys, source code, database records, and internal deployment API Keys for NPM and GitHub, as well as 580 names, email addresses, account statuses, and activity timestamps of Vercel employees. However, members associated with the core ShinyHunters group have denied to the media any involvement in this Vercel attack, though the group previously attacked Rockstar, the developer of the GTA game series. Vercel official advises customers to conduct a comprehensive review In response to this hack, Vercel has hired external cybersecurity experts and notified law enforcement, while also rolling out updates to strengthen security management. Vercel strongly advises administrators to check activity logs for suspicious behavior and urges Google Workspace administrators to immediately check for the installation of specific compromised OAuth applications. The company also recommends that customers conduct a comprehensive review and rotate their environment variables, and enable the sensitive variable feature to ensure data is protected by encryption at rest. What impact does the Vercel hack have on crypto projects? This incident poses significant risks to the cryptocurrency industry. According to a report by The Block, blockchain projects frequently deploy wallet interfaces, decentralized exchange (DEX) front-ends, and decentralized App (dApp) dashboards on Vercel. If blockchain projects stored private RPC endpoints, third-party API Keys, or sensitive information related to wallets in non-sensitive environment variables, these secrets are now highly likely to have been leaked. Theo Browne, a well-known figure in the developer community, also posted that sources indicate the impact on Vercel's internal Linear and GitHub integration systems was the most severe. Front-end security issues have been frequent in the cryptocurrency space in the past, with projects including CoW Swap, Aerodrome, and Velodrome having suffered from domain system hijacking. Such attacks typically steal assets by redirecting visitors to phishing websites. The Block pointed out that this hack occurred at the hosting and deployment layer, opening up a brand-new attack surface that completely bypasses domain system monitoring. In the worst-case scenario, attackers could directly tamper with the actual built front-end output of a project. (The above content is excerpted and reprinted with authorization from our partner Crypto City, original link)

Data Status✓ Full text extractedRead Original (區塊客)

🔍Historical Similar Events· Keyword + Asset Matching1 items

2026-04-20

Vercel hacked, crypto developers rush to rotate API keys: AI tool Context.ai identified as the breach point, Web3 frontend supply chain on high alert

Similarity 120%關鍵字 vercel同分類 zh

💡 Currently matching via keywords + symbols (MVP) · Will be upgraded to embedding semantic search later

Raw Information

ID:6df79aa574

Source:區塊客

Published:2026-04-21 11:51:04

Category:zh_news · Export Category zh

Symbols:Unspecified

Community Votes:+0 / −0 · ⭐ 0 Important · 💬 0 Comments