Vercel, the cloud hosting provider widely used by crypto projects and developers, has confirmed an incident that exposed a limited set of customer credentials. In a company post, Vercel said it identified unauthorized access to certain internal systems and is investigating the scope. The company said it notified affected customers and urged immediate rotation of compromised credentials.
The announcement followed posts on BreachForums, where a user known as “ShinyHunters” reportedly offered Vercel data for $2 million. That listing claimed to include access keys, source code, database details and employee accounts with access to internal deployments — assets that, if genuine, could enable broad supply-chain attacks. Vercel did not confirm those exact claims but characterized the attacker as “highly sophisticated,” citing their speed and deep knowledge of Vercel’s systems.
Vercel CEO Guillermo Rauch said the intrusion began when an attacker compromised a Vercel employee through a breach at Context.ai, a third-party AI tool the company used. From that foothold the attacker was able to compromise the employee’s Google Workspace account and gain entry to some internal Vercel systems.
Rauch emphasized that customer environments on Vercel are stored with full encryption, but noted that environment variables can be marked as “non-sensitive,” and that the attacker progressed further by enumerating accessible data. He also suggested the group’s pace and level of insight were likely enhanced by AI.
Vercel said it has implemented extensive protective controls and monitoring, and has reviewed its supply chain to confirm Next.js, Turbopack and its open-source projects remain secure. The company recommended standard incident-response steps for customers: rotate secrets and keys, monitor access to Vercel environments and any linked services, and ensure sensitive values are properly flagged using the sensitive environment variables feature.
This article is published under Cointelegraph’s editorial standards, which emphasize independent, transparent reporting. Readers are encouraged to verify information independently. Read Cointelegraph’s Editorial Policy at https://cointelegraph.com/editorial-policy