Cloud hosting provider Vercel has confirmed it suffered a security breach that exposed a limited set of customer credentials, following claims that its data was being offered for sale on a hacking forum.

The company says it is actively investigating the incident and has already taken steps to contain the damage.

Breach Exposed Subset of User Data

In a statement, Vercel said unauthorized access was detected within some of its internal systems.

The company noted that only a small group of users were affected, and those customers have been contacted with instructions to rotate their credentials immediately.

The breach came to light after reports surfaced on social media about a post on BreachForums, where a hacker known as “ShinyHunters” allegedly offered Vercel data for $2 million.

Hacker Claims Raise Concerns

The forum post claimed access to sensitive materials, including API keys, source code, database details, and employee accounts tied to internal systems.

The attacker suggested the data could be used for a large-scale supply chain attack, though Vercel has not confirmed the full extent of these claims.

Attack Linked to Compromised AI Tool

According to Vercel CEO Guillermo Rauch, the breach began when a company employee was compromised through a third-party AI tool called Context.ai.

The attacker reportedly gained access to the employee’s Google Workspace account, which then opened the door to parts of Vercel’s internal infrastructure.

Rauch described the attackers as highly sophisticated, noting their speed and deep understanding of the company’s systems.

Encryption Limited the Impact

Vercel emphasized that customer environments are encrypted by default.

However, the attacker was able to access certain variables that had been marked as non-sensitive, which expanded their reach within the system.

The company said it has since strengthened its protections and is closely monitoring for any further suspicious activity.

Security Measures and Recommendations

In response to the breach, Vercel has rolled out additional safeguards and reviewed its supply chain to ensure its core tools, including Next.js and Turbopack, remain secure.

The company is also urging users to follow best security practices, including rotating credentials, monitoring account activity, and properly classifying sensitive data.

AI’s Growing Role in Cyberattacks

Rauch suggested that the attackers may have used artificial intelligence to accelerate the breach, allowing them to move quickly and exploit vulnerabilities more effectively.

The incident highlights a broader trend of increasingly sophisticated cyberattacks targeting infrastructure providers, including those widely used by crypto projects.

Ongoing Investigation

While Vercel described the breach as limited, the situation underscores the risks associated with third-party tools and the importance of strong internal security controls.

The company continues to investigate the incident and has pledged to provide updates as more details become available.

The team behind eth.limo, a key gateway for Ethereum Name Service domains, has confirmed that its recent domain hijack was the result of a targeted social engineering attack against its DNS provider, EasyDNS.

The incident briefly raised concerns across the crypto community, as eth.limo plays a critical role in connecting decentralized websites to traditional web browsers.

Attack Exploited Account Recovery Process

According to the project’s post-mortem, the attacker impersonated a member of the eth.limo team to initiate an account recovery request with EasyDNS.

This allowed the attacker to gain control of the domain account and modify its DNS settings.

Once access was secured, the attacker changed the nameserver records and redirected traffic through Cloudflare, potentially opening the door to phishing or malicious redirects.

Critical Infrastructure at Risk

eth.limo acts as a bridge between Web3 and Web2, enabling access to around 2 million .eth websites through standard browsers.

A successful hijack could have redirected users to harmful sites without their knowledge.

Ethereum co-founder Vitalik Buterin even warned users to avoid his blog during the incident until the issue was resolved.

DNSSEC Helped Limit Damage

Despite the breach, major damage was avoided thanks to Domain Name System Security Extensions (DNSSEC).

Because the attacker did not have the correct cryptographic signing keys, most DNS resolvers rejected the forged records.

As a result, users encountered errors instead of being redirected to malicious content, significantly reducing the potential impact.

Both eth.limo and EasyDNS credited DNSSEC with preventing a much more serious outcome.

EasyDNS Accepts Responsibility

EasyDNS CEO Mark Jeftovic acknowledged the failure, calling it the first successful social engineering attack against a client in the company’s 28-year history.

He described the incident as highly sophisticated and confirmed that an internal investigation is ongoing.

Security Upgrades Underway

In response, EasyDNS is implementing stronger safeguards.

The company plans to migrate eth.limo to its more secure Domainsure platform, which removes account recovery mechanisms altogether, a key vulnerability exploited in this attack.

Additional security improvements are also being rolled out to prevent similar incidents in the future.

Part of a Broader Trend

The eth.limo breach is the latest in a string of domain hijacking incidents targeting crypto-related platforms.

Recent cases involving projects like CoW Swap and Steakhouse Financial highlight a growing trend of attackers exploiting human vulnerabilities rather than technical flaws.

Ongoing Vigilance Needed

While no user impact has been confirmed so far, the incident underscores the importance of robust security practices across both Web2 and Web3 infrastructure.

As crypto adoption grows, protecting critical access points like domain services will remain essential to maintaining trust and preventing large-scale exploits.

Bitcoin gave up its recent gains over the weekend, dropping below $74,000 on Sunday as geopolitical tensions between the United States and Iran intensified.

The pullback came after a series of events that put pressure on an already fragile ceasefire between the two nations.

Bitcoin Reverses After Strong Rally

Bitcoin had surged above $78,300 on Friday, marking its highest level since early February.

However, momentum quickly faded over the weekend as news of rising tensions triggered a shift in market sentiment. The price slipped into the $75,000 to $76,000 range before falling sharply late Sunday.

At one point, Bitcoin briefly dipped below $74,000 following reports of direct military action involving an Iranian vessel.

Ceasefire Under Strain

The latest volatility followed an incident where the US military reportedly fired on and seized an Iranian cargo ship accused of breaching a blockade.

Iran responded by accusing the US of violating the ceasefire agreement and warning of retaliation.

Tehran has also rejected planned peace talks, further increasing uncertainty as the two-week ceasefire approaches its expiration.

Oil Prices Surge as Risk Increases

While crypto markets pulled back, oil prices moved higher amid fears of supply disruption.

Crude oil futures rose more than 4.5%, climbing above $95 per barrel after Iran threatened to close key shipping routes in the Strait of Hormuz.

The region remains a critical artery for global energy supply, and any disruption typically drives oil prices upward.

Traditional Markets React

The tension also impacted traditional financial markets.

US stock futures declined Sunday night, with the S&P 500, Nasdaq-100, and Dow Jones all showing losses as investors shifted toward a more cautious stance.

The broader reaction reflects how closely global markets are tied to geopolitical developments.

Market Sentiment Still Cautious

Despite the recent volatility, overall crypto sentiment showed slight improvement.

The Crypto Fear and Greed Index rose to 29, its highest level since late January, though it still signals a prevailing sense of fear among investors.

Uncertainty Ahead of Ceasefire Deadline

With the ceasefire set to expire midweek, markets remain highly sensitive to further developments.

Any escalation or breakdown in negotiations could trigger additional volatility across crypto, commodities, and equities.

For now, Bitcoin’s price action reflects a market caught between improving momentum and lingering geopolitical risk.