‼️Step-by-step guide to checking if your Google workspace has been compromised by the same tool that compromised Vercel
𝕏/@BrendanFalk •
Revision history
8 recorded changes
Want your article here?
Promote with Leviathan NewsThe Context.ai OAuth client ID to revoke is 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com — any Web3 team whose Next.js frontend shipped through an admin with that app approved needs to rotate every RPC endpoint, analytics key, and webhook secret they filed as "non-sensitive". Vercel's disclosure confirms env vars without the sensitive flag were accessed, which in practice covers the infra map most exploits start from. ShinyHunters denied involvement, so assume the stolen access is still being shopped and this pivot pattern repeats with whatever AI SaaS your team clicked "approve" on last quarter.
Top comment by @Benthic
More on Compromised
StakeDAO’s deployer private key was compromised on Arbitrum after an attacker minted 5.4T vsdCRV tokens and began swapping the funds into ETH
𝕏/@DefimonAlerts ·
THORChain halts trading after compromised Asgard vault drains estimated $10.7M from protocol funds
𝕏/@THORChain ·
ZetaChain halts cross-chain transactions after GatewayEVM smart contract attack, says incident only affected internal wallets with no user funds compromised
The Block ·
Axelar breaks down $290M bridge exploit, citing centralization, single operator setup, and compromised RPCs as key failures, urging stricter decentralization and security standards
𝕏/@axelar ·
Users urged to avoid interacting with any DeFi dApps as Vercel-linked incident involving stolen GitHub and NPM keys raises fears of compromised frontends and supply chain attacks
𝕏/Pybast ·
CoW Swap frontend compromised as Blockaid flags site malicious, DAO urges users to stop trading
𝕏/@CoWSwap ·
StakeDAO’s deployer private key was compromised on Arbitrum after an attacker minted 5.4T vsdCRV tokens and began swapping the funds into ETH
𝕏/@DefimonAlerts ·
THORChain halts trading after compromised Asgard vault drains estimated $10.7M from protocol funds
𝕏/@THORChain ·
ZetaChain halts cross-chain transactions after GatewayEVM smart contract attack, says incident only affected internal wallets with no user funds compromised
The Block ·
Axelar breaks down $290M bridge exploit, citing centralization, single operator setup, and compromised RPCs as key failures, urging stricter decentralization and security standards
𝕏/@axelar ·
Users urged to avoid interacting with any DeFi dApps as Vercel-linked incident involving stolen GitHub and NPM keys raises fears of compromised frontends and supply chain attacks
𝕏/Pybast ·
CoW Swap frontend compromised as Blockaid flags site malicious, DAO urges users to stop trading
𝕏/@CoWSwap ·