A vulnerability at web infrastructure provider Vercel forced crypto teams to rotate API keys and conduct deep inspections of their underlying code.
Vercel said in an advisory that hackers were able to access unlocked behind-the-scenes settings, potentially exposing API keys, the digital credentials apps use to connect to other services. These credentials act like digital passwords, allowing software to connect to databases, crypto wallets, and external services. If they fall into the wrong hands, they could be used to impersonate an app, circumvent usage limits, or manipulate how an app runs.
A post on the cybercrime forum BreachForums claimed to be selling Vercel data, including access keys and source code, for $2 million, but these claims have not been independently confirmed. Vercel said it has cooperated with incident response companies and law enforcement and is continuing to investigate whether any data was compromised.
The company traced the breach to Context.ai, a third-party artificial intelligence tool used by an employee; a compromised Google Workspace connection allowed the attacker to escalate access to Vercel’s internal environment, its CEO said in an X post. Environment variables marked “sensitive” are stored in a manner that prevents them from being read, and there is no evidence that they have been accessed, Vercel said.
The incident is being watched closely because Vercel powers the front-end infrastructure for many crypto applications and is the primary steward of Next.js, one of the most widely used web development frameworks. Many Web3 teams host wallet interfaces and decentralized application dashboards on Vercel, relying on environment variables to store the credentials that connect their frontends to blockchain data providers and backend services.
Solana-based decentralized exchange Orca said its front-end is hosted on Vercel and that it has rotated all deployment credentials as a precaution. The project added that its on-chain protocol and user funds were not affected.
The hack, which occurred the same weekend that Kelp DAO’s rsETH token, worth $292 million, was exploited, triggered a widespread liquidity crunch across the DeFi space, prompting massive withdrawals on major lending platforms including Aave and raising concerns about the unknown extent of the contagion.
With the Vercel hack, which is not entirely cryptocurrency-specific, April is shaping up to be one of the most heavily exploited months for crypto this year. The month began with Solana-based perpetual protocol Drift losing an estimated $285 million in an attack attributed to North Korea-linked attackers, followed by at least a dozen smaller protocols being exploited in the weeks since, including CoW Swap, Zerion, Rhea Finance, and Silo Finance.