This case study serves as a stark reminder that the most sophisticated cloud infrastructure is often undone by the simplest human lapses. It brilliantly illustrates how shadow IT and personal indiscretions remain the ultimate backdoors in modern supply chain security.
How a Roblox Cheat Script Led to a $2M Vercel Hack
One employee, one Roblox cheat script, one download. Two months later, hackers are auctioning Vercel source code on a public forum for $2 million. And as proof, they dropped 580 Vercel employee records, including names, account status, a screenshot of what looks like Vercel's internal enterprise dashboard, access to npm tokens, GitHub tokens, etc. And this all happened because one employee at a company or startup called Context.ai downloaded Roblox autofarm scripts on their work laptop. So what happened? How did one download on one machine turn into Vercel's source code getting auctioned off? And who is the person, the hacker, doing the selling? So today I'm going to break down the full chain, how one bad click led to this $2 million hack in only two months. And if you want deep dives like this on breaking AI news, hit like, hit subscribe, and hit the bell.

Okay, so on February 26, a Context.ai employee with privileged access to their company's stack opened a browser and they were just searching for Roblox autofarm scripts, basically a way to cheat in Roblox. They found one, they installed it, but unwittingly they also installed Lumma Stealer bundled with the script. Okay, this is the Wikipedia overview page about it. It runs once on install and then it scrapes everything that your browser knows. So if your browser has any saved passwords, all the session cookies, if you use the autofill form fields and stuff, Lumma Stealer will basically grab all of that. So it walked away with the employee's Google Workspace credentials, Supabase keys, an admin account for Context.ai, etc. And this wasn't a senior engineer at an enterprise company getting phished, right? This wasn't spear phishing. This employee was trying to dominate a Roblox server and cheat and then accidentally downloaded something that came with an info stealer.
So, downloading a Roblox cheat on a work laptop is like propping the back door of a bank vault open so that you can sneak snacks in. Like, why are you even doing this in the first place? So, everything looks fine. Like, nobody noticed, right?

But Hudson Rock over here, the cybercrime intelligence firm who broke this link, found something totally crazy. So Context.ai has exactly one info stealer infection on record in their entire history. It was just this one employee, one month before the Vercel breach. So we have one infection, one month, one crack in the door. However, Lumma Stealer isn't just some random virus. It's an actual business. And if you want to understand why this keeps happening to relatively smart employees at tech companies, you need to understand the business itself. So Lumma Stealer has a name. It has an author. They wrote it in C++ and assembly and it's been sitting on cybercrime forums since 2022. It's called malware as a service. It's basically an info stealer you rent, and affiliates run the distribution. Like they run phishing emails, fake Google ads posing as legit software, compromised websites, and the technique everyone underestimates is fake CAPTCHA pages where sites ask you to verify you're human by pasting a command into the Windows Run box. So when you paste something like that, you can accidentally infect your computer. Now, unfortunately, once Lumma Stealer lands on your machine, you don't even know. It's very patient. It waits until your mouse moves like a human is using it. And it uses different processes to wear the skin of a program Windows trusts, right? So, it's bypassing the Windows API entirely and talking to the kernel with direct system calls.
So, most security tools just miss it, like they don't notice. Then it takes all of the information it can get, like everything through your browser, anything you have saved, even crypto wallets, chat apps, user files, and it sends it all back to control servers, with Telegram and Dropbox and Steam as fallback channels if the main servers go dark. So over a two-month window in early 2025, Microsoft counted almost 400,000 infected computers. Not in total, but just in that 60-day window, almost 400,000 infected. And right after that, Microsoft led a global takedown. They seized almost 2,300 domains tied to Lumma in a single operation. They called it a win. And you know, Lumma's reputation took a hit. But just weeks later, activity resurged again. Now, most security tools treat info stealers like spam, like background noise, not a supply chain attack weapon.
But this is exactly the assumption that made everything go wrong here. The Context.ai employee downloaded the Roblox cheats and it became a supply chain problem, a Vercel problem. So that one cheating script went on one laptop, and two months later, just from that, hackers are selling Vercel's company source code. So Vercel's updated security advisory named the cause in one sentence. They said the compromise of a third-party AI tool's Google Workspace OAuth application.

That's the back door. And here's what Hudson Rock found when they pulled the infected machine's data apart. So the OAuth client ID is for a Context.ai-branded Google Workspace app. It was sitting right there in the compromised employee's browser autofill fields. The full string is actually in this article that I have open here. And basically anyone with Google admin access can look it up against their own workspace in 60 seconds. And in fact, if you scroll down to the bottom here, there are recommendations to do that here in step-by-step security audits. So, basically, this OAuth app had delegated access to Google Workspace data. So when the employee's credentials went into Lumma, so did the app's access. Now Lumma has access to it too. And the same employee was a core member of the Context Inc Vercel team. So their browser history shows you exactly where the hackers walked in next. They had three URLs inside a Vercel project called Valinor. Okay. And if you read the hackers' forum post, let me pull it up here. Yeah, let me zoom in here.
Now, if you read the hackers' forum post, they're actually selling access keys, source code, database data, multiple employee accounts with access to several internal deployments, npm tokens, GitHub tokens. They used Linear ticket data as proof. Okay, they posted a screenshot of an internal Vercel enterprise dashboard, and BleepingComputer over here says they were unable to independently confirm the screenshot.

Okay. But the hackers are saying, "Give us $2 million to make it go away." And this hacker is actually running two plays at once. They're publicly selling it on this forum so that anyone can get access, or the highest bidder can get access. And privately, they're asking Vercel to pay a ransom so the access doesn't stay on the market. So, pay us or we keep selling this publicly. Now, the hacker claims to be ShinyHunters, which is a known extortion crew, but other ShinyHunters-linked actors told BleepingComputer over here that they have no involvement. So, we don't really know who's doing this. But does it matter exactly who's doing the selling?
I mean, if your source code for a multi-billion dollar company is up for sale, you just want to do whatever it takes to get it down. So, Vercel's own advice to customers was issued earlier today. Okay, so review your environment variables, use the sensitive environment variable feature, and rotate your secrets, which is all just best practice. Okay, in addition to that, obviously audit your Google Workspace OAuth apps. So InfoStealers here has some nice recommendations. So you just open the admin console, go to Security, check out third-party app access, okay, and then you can see the client ID here. This is the malicious client ID tied to this particular hack. It says search for it in your accessed apps list, and if it's in there, you want to revoke it. Also, look at every other OAuth app that you've authorized, right? Like if you don't know what it does or why it has access or you don't need it anymore, just revoke it. You know, that's how you stay safe. Number two, treat every third-party AI tool as a potential backdoor.

So if you authorize a tool to touch Google Workspace, Slack, GitHub, anything with your production keys, just make sure that it's secure. If any of those are breached, you know, you can be impacted. So you just want to be careful. So every OAuth app you're authorizing is a potential backdoor. So just make sure you're regularly monitoring them and cleaning them up. And tip number three is just to rotate your secrets on a schedule, right? API keys, npm tokens, GitHub tokens, any sensitive environment variables. So, just make sure you do that on a regular basis. If you want more news breakdowns like this, hit subscribe, hit the notification bell.
See you in the next one.
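The OAuth audit the video walks through (search your workspace's third-party app grants for a known-bad client ID, then review every other app with broad access and revoke what you don't recognise) can be scripted instead of clicked through in the admin console. The example below is added here and is not code from Hudson Rock, Vercel or the video; it works offline on a constructed sample shaped like the Admin SDK Directory API `users.tokens.list` response, and the malicious client ID is a labelled placeholder, not the real one from the incident.

```python
"""Offline triage of Google Workspace third-party OAuth grants (added example).

Input mirrors the Admin SDK Directory API ``users.tokens.list`` response
(fields: clientId, displayText, scopes, userKey). Client IDs are CONSTRUCTED
placeholders; substitute the ID published in the advisory you work from.
"""

# Scopes that give an app standing access to mail, files or admin data
# (constructed starter list; extend for your tenant).
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.user",
}

# Placeholder for the incident's malicious OAuth client ID (NOT the real value).
DENYLIST = {"000000000000-placeholder-malicious.apps.googleusercontent.com"}

# Constructed sample: two users' tokens.list pages.
SAMPLE_TOKEN_LISTS = [
    {"items": [
        {"clientId": "000000000000-placeholder-malicious.apps.googleusercontent.com",
         "displayText": "Context AI Assistant", "userKey": "alice@example.com",
         "scopes": ["openid", "https://www.googleapis.com/auth/drive"]},
        {"clientId": "111111111111-calendar-sync.apps.googleusercontent.com",
         "displayText": "Calendar Sync", "userKey": "alice@example.com",
         "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    ]},
    {"items": [
        {"clientId": "222222222222-unknown-tool.apps.googleusercontent.com",
         "displayText": "Unknown Tool", "userKey": "bob@example.com",
         "scopes": ["https://mail.google.com/",
                    "https://www.googleapis.com/auth/drive"]},
    ]},
]


def audit_tokens(token_lists, denylist=DENYLIST, risky=HIGH_RISK_SCOPES):
    """Return one finding per grant to act on: IOC hits first, then broad-scope apps."""
    findings = []
    for page in token_lists:
        for tok in page.get("items", []):
            cid, user = tok["clientId"], tok["userKey"]
            risky_scopes = sorted(set(tok.get("scopes", [])) & risky)
            if cid in denylist:  # the published malicious client ID: revoke everywhere
                findings.append({"user": user, "clientId": cid, "severity": "critical",
                                 "action": "revoke", "reason": "client ID matches incident IOC"})
            elif risky_scopes:  # unknown app holding mail/drive/admin access: confirm or revoke
                findings.append({"user": user, "clientId": cid, "severity": "review",
                                 "action": "confirm-or-revoke",
                                 "reason": "high-risk scopes: " + ", ".join(risky_scopes)})
    return findings


def revoke_url(finding):
    """Admin SDK ``users.tokens.delete`` endpoint to DELETE for a finding."""
    return (f"https://admin.googleapis.com/admin/directory/v1/users/"
            f"{finding['user']}/tokens/{finding['clientId']}")
```

Feed it the real `tokens.list` pages for each user (the API is per-user, so iterate your directory) and the returned findings are the revocation list; the calendar-only grant correctly produces no finding.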