Cloud hosting platform Vercel hacked! Hackers demand 2 million dollars in ransom, crypto projects may face security risks


The Vercel cloud platform was breached by way of a third-party AI tool, and hackers are demanding a $2 million ransom for the confidential data they took. Because most cryptocurrency projects rely on Vercel to deploy their front ends, this incident could expose those projects to a major risk of tampering.

Vercel cloud hosting platform hacked; crypto projects are heavy users too

Vercel, the cloud hosting and deployment infrastructure platform, has confirmed that some internal systems were accessed without authorization, affecting a small number of customers.

Vercel offers services such as serverless functions, edge computing, and continuous integration and continuous deployment pipelines, and is known for the popular React framework Next.js, with many blockchain and cryptocurrency projects also relying on Vercel to deploy their front-end interfaces.

Vercel CEO Guillermo Rauch said on the social platform X that the cause of this hacking incident was an issue with the third-party AI tool Context.ai. A Vercel employee’s Google Workspace account was hijacked during a data leak incident on that AI platform, and the attackers then used the account’s permissions to enter Vercel’s internal environment.

All customer environment variables on Vercel are fully encrypted at rest, and the platform also provides the ability to designate variables as non-sensitive. The hackers obtained unencrypted non-sensitive environment variables through enumeration.

Image: Vercel is a cloud hosting and deployment infrastructure, and many blockchain and cryptocurrency projects also rely on Vercel to deploy front-end interfaces. (Image source: Vercel official website)

Hackers demand $2 million to sell the stolen data

A report by cybersecurity outlet BleepingComputer states that someone claiming to be a member of the hacker group ShinyHunters posted on the hacking forum BreachForums, claiming to have obtained Vercel’s internal data and attempting to extort the company for a $2 million ransom.

The stolen data shown by the hackers includes access keys, source code, database records, and internal deployment API keys for NPM and GitHub, and it even includes 580 Vercel employees’ names, email addresses, account statuses, and activity timestamps.

Image: Hackers offer $2 million to sell the stolen data. (Image source: BreachForums)

However, core members of the ShinyHunters organization have denied to the media any involvement in this Vercel attack. The group previously attacked Rockstar, the developer of the GTA game series.


Vercel officially recommends customers conduct a full review

For this hacking incident, Vercel has hired external cybersecurity experts and notified law enforcement authorities, while also rolling out updates to strengthen security management.

Vercel strongly advises administrators to check whether there is any suspicious activity in the activity logs, and urges Google Workspace administrators to immediately check whether any compromised OAuth applications have been installed.

The company also recommends that customers conduct a comprehensive review of their environment variables, replace (rotate) them, and enable the sensitive variables feature to ensure that the data is protected by encryption at rest.

What impact does the Vercel hack have on crypto projects?

This incident poses a major risk to the cryptocurrency industry. According to The Block, blockchain companies often deploy wallet interfaces, decentralized exchange (DEX) front ends, and decentralized app (dApp) dashboards on Vercel.

If blockchain projects stored private RPC endpoints, third-party API keys, or wallet-related confidential information in non-sensitive environment variables, those details are very likely to have been leaked.
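The review Vercel recommends, applied to the kinds of values named above, can start as a triage pass over an exported variable list. This is an added example, not Vercel's tooling: the export format and its field names (`key`, `sensitive`, `value`) are hypothetical, the sample values are constructed, and the patterns are heuristics that only decide what to rotate first.

```python
import json
import re

# Constructed sample: a project's environment variables exported as JSON.
# The field names (key, sensitive, value) are hypothetical, not Vercel's schema.
SAMPLE_EXPORT = json.dumps([
    {"key": "NEXT_PUBLIC_CHAIN_ID", "sensitive": False, "value": "1"},
    {"key": "RPC_URL", "sensitive": False,
     "value": "https://rpc.example.invalid/v2/EXAMPLEKEY0123456789abcdef"},
    {"key": "PRICE_FEED_API_KEY", "sensitive": False, "value": "example-not-a-real-key"},
    {"key": "DEPLOYER_PRIVATE_KEY", "sensitive": True, "value": None},
    {"key": "SIGNER", "sensitive": False, "value": "0x" + "ab" * 32},
])

# Variable names that usually hold credentials.
NAME_HINT = re.compile(r"(SECRET|TOKEN|PASSWORD|PRIVATE|MNEMONIC|API_?KEY|_KEY$)", re.I)
# Value shapes that usually are credentials, whatever the variable is called.
VALUE_RULES = [
    ("32-byte hex value (possible private key)", re.compile(r"^(0x)?[0-9a-fA-F]{64}$")),
    ("URL with a long credential-like path or query part",
     re.compile(r"^https?://\S*[/=][A-Za-z0-9_-]{24,}")),
    ("URL with embedded user:password", re.compile(r"^[a-z]+://[^/\s:@]+:[^/\s@]+@")),
]

def triage(export_json):
    """Return [(key, [reasons])] for variables that look secret but are not marked sensitive."""
    findings = []
    for var in json.loads(export_json):
        if var.get("sensitive"):
            continue  # already stored as sensitive, outside this review
        reasons = []
        if NAME_HINT.search(var["key"]):
            reasons.append("name suggests a credential")
        value = var.get("value") or ""
        reasons += [label for label, rx in VALUE_RULES if rx.search(value)]
        if reasons:
            findings.append((var["key"], reasons))
    return findings

if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_EXPORT):
        print(f"rotate and mark sensitive: {key}: {'; '.join(reasons)}")
```

Matching on value shape as well as name is what catches `RPC_URL` and `SIGNER` here, whose names give nothing away.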

Theo Browne, a well-known figure in the developer community, also posted that, according to sources, the most severe impact was on Vercel’s internal integration systems with Linear and GitHub.

Image source: X/Theo Browne

Front-end security problems have been frequent in the crypto space. Projects such as CoW Swap, Aerodrome, and Velodrome have all suffered DNS hijacking, a type of attack that typically steals assets by redirecting visitors to phishing websites.

The Block noted that this hacking incident occurred at the hosting and deployment layer, opening an entirely new attack surface that completely bypasses DNS monitoring. In the worst case, attackers could directly tamper with the actual built front-end output of a project.
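Because DNS monitoring does not see a change made at the hosting layer, a check has to look at the served files themselves. The following added example (not from The Block or Vercel) compares a SHA-256 manifest recorded at build time with what the host serves; the file names and contents are constructed, and it assumes the manifest is kept and checked outside the hosting platform.

```python
import hashlib

# Constructed sample: files from a trusted build and what the host serves.
BUILD_OUTPUT = {
    "index.html": b"<script src='/static/app.js'></script>",
    "static/app.js": b"connectWallet();",
    "static/wallet.js": b"export const chainId = 1;",
}
SERVED = {
    "index.html": BUILD_OUTPUT["index.html"],
    "static/app.js": b"connectWallet(); /* changed after build */",
    "static/extra.js": b"/* not produced by the build */",
}

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def build_manifest(files):
    """Map each build artifact path to its SHA-256 digest, taken in CI."""
    return {path: sha256_hex(body) for path, body in files.items()}

def compare(manifest, served):
    """Classify differences between the manifest and the served files."""
    modified = sorted(p for p in manifest
                      if p in served and sha256_hex(served[p]) != manifest[p])
    missing = sorted(p for p in manifest if p not in served)
    unexpected = sorted(p for p in served if p not in manifest)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}

if __name__ == "__main__":
    report = compare(build_manifest(BUILD_OUTPUT), SERVED)
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}: {path}")
```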
