Security | April 20, 2026
Vercel Breach Puts Web3 Frontends on Alert
Vercel says a third-party AI tool's compromised Google Workspace OAuth app led to unauthorized access, while developers are being told to rotate unprotected secrets.
Vercel disclosed unauthorized access to certain internal systems on Sunday, putting crypto teams that use the platform for wallet interfaces, DEX frontends, and dapp dashboards into secret-rotation mode.
The company said only a limited subset of customers had been identified as impacted, that services remained operational, and that outside incident responders and law enforcement were involved. Vercel traced the incident to a small third-party AI tool whose Google Workspace OAuth app was caught in a broader compromise. It published the OAuth app identifier and asked Workspace administrators to check for its use.