Vercel says attackers accessed its internal systems, sparking fears poisoned Next.js code could be used to drain funds from DeFi apps.