Crypto hosting firm Vercel said a limited subset of users was affected as hackers claimed to be selling internal data for $2 million.
Unauthorized access at a major web infrastructure provider is raising questions about whether credentials used across thousands of apps may have been exposed.
In a blog post on April 20, Vercel, which provides hosting and deployment infrastructure widely used by crypto startups, said it found “unauthorized access to certain internal Vercel systems.” The company said services are still running and that it’s continuing to investigate what, if any, data was taken.
Read also: Bitcoin on April 20: BTC Trades Near $75,000 Amid Iran Uncertainty
Although Vercel is not a crypto-only host, some big crypto products do rely on it. Consensys, a key developer in the Ethereum ecosystem, said in a Vercel case study that it moved MetaMask’s main website to Vercel, while its educational platform MetaMask Learn was already running on it.
Separately, crypto hardware wallet maker Ledger is also listed by Vercel as a customer using Vercel to power its online store and web applications.
Crypto Hosting Breach Traced to AI Tool
Vercel said the attack started outside its own systems as the incident “originated with a compromise of Context.ai,” a third-party AI tool used by an employee.
That access let the attacker take over a corporate Google Workspace account and move into internal environments. From there, the attacker accessed environment variables that were’nt marked as sensitive, per the blog post.
These variables can hold things like API keys, tokens and database credentials. Vercel added it has no evidence that sensitive variables were accessed.
Hackers Move to Sell Access
According to a BleepingComputer report, the attacker posted on a hacking forum offering access to API keys, internal deployments and employee accounts.
The report said a sample file containing about 580 employee records was shared, though the outlet noted it could not independently verify the data. Messages reviewed by the publication also referenced a $2 million ransom discussion, which Vercel hasn’t confirmed.
Read more: DeFi TVL Drops $13B as KelpDAO $300M Hack Hits Aave Markets
