Vercel is one of the key frontend providers for Web3. Projects that stored API keys and RPC access could have faced their exposure.
- Vercel officially confirmed the incident: attackers gained access to part of its internal systems. External experts have been brought in to assist with the investigation, and law enforcement agencies have been notified.
- A âlimited subsetâ of customers has been affected; the company is contacting them directly.
- According to sources, the attack vector was the compromise of an employeeâs account via a third-party AI service, Context.ai (not officially confirmed)
- On the BreachForums forum, allegedly stolen access keys, source code, and GitHub tokens are being offered for sale at $2 million (authenticity not verified)
Crypto projects are already responding: DEX Orca confirmed the change of all access credentials, and teams are conducting infrastructure audits. Chainlink took measures to rotate API keys following the incident.
Continue reading this article on source:Â vercel.com