Company
Date Published
Author
Subomi Oluwalana
Word count
622
Language
English
Hacker News points
None

Summary

A Stripe webhook incident led to a Denial of Service (DoS) against a Vercel function, resulting in a $23,000 bill for 63GB of serverless execution over two days. An attacker created approximately 545,000 fake accounts and subscriptions on Stripe; each generated webhook deliveries, and the Vercel function was overwhelmed as Stripe kept retrying the webhooks it had failed to process. The incident highlights the importance of rate limits and spend management controls on serverless workloads to prevent this kind of cascading failure. Some suggested putting Cloudflare in front of the function or verifying HMAC signatures, but neither helps here: the requests were genuine Stripe webhooks, so they would pass both checks. The recommended approach is for both the webhook provider and the consumer to apply rate limiting and circuit breaking, so that a flood of webhook traffic is throttled rather than amplified by retries, keeping the consumer in control and preventing a repeat of this situation.