
Vercel Security Breach Traced to Compromised AI Tool, Crypto Projects Scramble to Rotate Credentials

A supply chain attack via third-party AI tool Context.ai gave hackers access to internal Vercel systems and non-sensitive environment variables, with a threat actor claiming to sell stolen data for $2 million


Web infrastructure provider Vercel disclosed a security breach on April 19 that exposed internal systems and non-sensitive environment variables, prompting web3 teams relying on the platform to audit their deployments and rotate API keys.

Vercel said the incident originated with a compromise of Context.ai, a third-party AI tool used by one of its employees. The attacker used that access to take over the employee's Vercel Google Workspace account, which enabled access to certain Vercel environments and environment variables that were not marked as sensitive.

Context.ai is an enterprise AI platform that builds agents trained on company-specific institutional knowledge, workflows, and standards. The platform had been integrated with Vercel's environment and granted deployment-level Google Workspace OAuth scopes, giving the attacker a privileged foothold once the platform itself was breached.

Environment variables marked as sensitive in Vercel are stored in a manner that prevents them from being read, and the company said it does not currently have evidence that those values were accessed. Vercel described the attacker as "highly sophisticated based on their operational velocity and detailed understanding of the platform's systems."

A threat actor claiming to be ShinyHunters posted on a hacking forum that they had breached Vercel and were selling access to company data, including access keys, source code, database data, internal deployments, and API keys. The actor also shared a text file containing information on 580 Vercel employees, including names, email addresses, account status, and activity timestamps. It should be noted that actors linked to previous ShinyHunters-attributed attacks have separately denied involvement to security media. The claimed asking price for the stolen data is $2 million.

Vercel CEO Guillermo Rauch said in a post on X that the company had deployed extensive protection measures and monitoring, and had analysed its supply chain to ensure Next.js, Turbopack, and its open source projects remain safe. He said the company had already rolled out new capabilities to its dashboard, including an overview page of environment variables and a better interface for sensitive environment variable creation and management.

Vercel said the compromise potentially affected hundreds of users across many organisations, and has published an indicator of compromise to support the wider community in vetting potential malicious activity in their environments. It recommended that Google Workspace administrators and account owners check for usage of the implicated OAuth app.
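The check Vercel recommends above, turned into a defender-side script, as an added example that is not part of the article and not Vercel's or Google's code. It audits an exported list of Google Workspace OAuth grants for the implicated app and for other apps holding broad scopes. The token records are constructed and shaped loosely like the Admin SDK Directory API `tokens.list` response (`clientId`, `displayText`, `scopes`, `userKey`); the suspect client ID is a placeholder, since the article does not reproduce the published indicator of compromise.

```python
"""Audit a Google Workspace OAuth-grant export for an implicated third-party app.

Added example written for this article; it is not Vercel's or Google's code.
The token records are constructed and shaped loosely like the Admin SDK
Directory API `tokens.list` response (clientId, displayText, scopes, userKey).
The suspect client ID is a placeholder, not the real IoC Vercel published.
"""
from __future__ import annotations

# Placeholder: replace with the client ID from Vercel's published IoC.
SUSPECT_CLIENT_IDS = {"PLACEHOLDER-IMPLICATED-APP.apps.googleusercontent.com"}

# Broad scopes that let a third-party app act as the user across Workspace.
# A grant of these to any external app deserves review even if the app
# is not on the suspect list.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.user",
}

# Constructed sample export: three users, four grants.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com",
     "clientId": "PLACEHOLDER-IMPLICATED-APP.apps.googleusercontent.com",
     "displayText": "Example AI Assistant",
     "scopes": ["https://www.googleapis.com/auth/drive",
                "https://www.googleapis.com/auth/userinfo.email"]},
    {"userKey": "bob@example.com",
     "clientId": "calendar-sync.apps.googleusercontent.com",
     "displayText": "Calendar Sync",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "carol@example.com",
     "clientId": "mail-helper.apps.googleusercontent.com",
     "displayText": "Mail Helper",
     "scopes": ["https://mail.google.com/"]},
    {"userKey": "carol@example.com",
     "clientId": "PLACEHOLDER-IMPLICATED-APP.apps.googleusercontent.com",
     "displayText": "Example AI Assistant",
     "scopes": ["https://www.googleapis.com/auth/userinfo.email"]},
]


def classify_grant(token: dict) -> str | None:
    """Return a finding reason for one grant, or None if it looks benign."""
    if token.get("clientId") in SUSPECT_CLIENT_IDS:
        return "implicated-app"
    risky = HIGH_RISK_SCOPES.intersection(token.get("scopes", []))
    if risky:
        return "broad-scope:" + ",".join(sorted(risky))
    return None


def audit_tokens(tokens: list[dict]) -> list[dict]:
    """Flag grants to the implicated app first, then broad-scope grants.

    Each finding carries what an admin needs to act on it: the user, the app,
    and why it was flagged. Revocation itself would go through the Directory
    API tokens.delete(userKey, clientId) call, which is not invoked here so
    the script stays offline and read-only.
    """
    findings = []
    for token in tokens:
        reason = classify_grant(token)
        if reason:
            findings.append({
                "userKey": token["userKey"],
                "clientId": token["clientId"],
                "displayText": token.get("displayText", ""),
                "reason": reason,
            })
    # Implicated-app hits sort first so they head the report.
    findings.sort(key=lambda f: (f["reason"] != "implicated-app", f["userKey"]))
    return findings


def affected_users(findings: list[dict]) -> list[str]:
    """Distinct users holding a grant to the implicated app: the rotation list."""
    return sorted({f["userKey"] for f in findings if f["reason"] == "implicated-app"})


if __name__ == "__main__":
    report = audit_tokens(SAMPLE_TOKENS)
    for f in report:
        print(f"{f['reason']:<45} {f['userKey']:<20} {f['displayText']}")
    print("users to re-credential:", affected_users(report))
```

The users returned by `affected_users` are the ones whose Workspace sessions, app passwords and any deployment credentials reachable through the granted scopes should be rotated; the broad-scope findings are a secondary review list, since the article's own account shows that an OAuth grant to a third-party AI tool was the path from one vendor compromise to an employee account takeover.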

The breach is drawing particular attention from the crypto industry, given how widely web3 teams use Vercel to host wallet interfaces and front-end dashboards. Solana-based decentralised exchange Orca said its frontend is hosted on Vercel and that it had rotated all deployment credentials as a precaution, adding that its on-chain protocol and user funds were not affected.

Vercel said only a limited subset of customers were affected, though the full scope remains unclear as the attacker claims to be actively selling additional stolen data. The company said it has engaged Mandiant and additional cybersecurity firms, and has notified law enforcement.
