• bitcoinBitcoin (BTC) $ 73,923.00
  • ethereumEthereum (ETH) $ 2,330.74
  • tetherTether (USDT) $ 0.999974
  • xrpXRP (XRP) $ 1.52
  • bnbBNB (BNB) $ 679.04
  • usd-coinUSDC (USDC) $ 0.999899
  • solanaSolana (SOL) $ 95.01
  • tronTRON (TRX) $ 0.296776
  • staked-etherLido Staked Ether (STETH) $ 2,265.05
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.02
  • dogecoinDogecoin (DOGE) $ 0.101876
  • whitebitWhiteBIT Coin (WBT) $ 57.86
  • usdsUSDS (USDS) $ 0.999904
  • cardanoCardano (ADA) $ 0.287688
  • bitcoin-cashBitcoin Cash (BCH) $ 480.28
  • wrapped-stethWrapped stETH (WSTETH) $ 2,779.67
  • hyperliquidHyperliquid (HYPE) $ 39.36
  • leo-tokenLEO Token (LEO) $ 9.01
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 76,243.00
  • chainlinkChainlink (LINK) $ 9.93
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.998762
  • moneroMonero (XMR) $ 377.22
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 2,466.93
  • ethena-usdeEthena USDe (USDE) $ 1.00
  • canton-networkCanton (CC) $ 0.153765
  • stellarStellar (XLM) $ 0.174012
  • wrapped-eethWrapped eETH (WEETH) $ 2,465.31
  • usd1-wlfiUSD1 (USD1) $ 0.998972
  • litecoinLitecoin (LTC) $ 58.44
  • susdssUSDS (SUSDS) $ 1.08
  • avalanche-2Avalanche (AVAX) $ 10.28
  • zcashZcash (ZEC) $ 266.39
  • rainRain (RAIN) $ 0.009018
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 76,366.00
  • daiDai (DAI) $ 1.00
  • hedera-hashgraphHedera (HBAR) $ 0.099292
  • suiSui (SUI) $ 1.06
  • wethWETH (WETH) $ 2,268.37
  • paypal-usdPayPal USD (PYUSD) $ 0.999758
  • shiba-inuShiba Inu (SHIB) $ 0.000006
  • crypto-com-chainCronos (CRO) $ 0.079710
  • usdt0USDT0 (USDT0) $ 0.998824
  • the-open-networkToncoin (TON) $ 1.33
  • memecoreMemeCore (M) $ 1.69
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.106328
  • tether-goldTether Gold (XAUT) $ 4,974.02
  • mantleMantle (MNT) $ 0.841726
  • polkadotPolkadot (DOT) $ 1.60
  • bittensorBittensor (TAO) $ 279.51
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.22
  • uniswapUniswap (UNI) $ 4.14
  • pax-goldPAX Gold (PAXG) $ 5,001.70
  • hashnote-usycCircle USYC (USYC) $ 1.12
  • okbOKB (OKB) $ 97.32
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • pi-networkPi Network (PI) $ 0.195394
  • nearNEAR Protocol (NEAR) $ 1.44
  • aaveAave (AAVE) $ 121.73
  • skySky (SKY) $ 0.079719
  • aster-2Aster (ASTER) $ 0.725621
  • global-dollarGlobal Dollar (USDG) $ 0.999842
  • falcon-financeFalcon USD (USDF) $ 0.998779
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • pepePepe (PEPE) $ 0.000004
  • ripple-usdRipple USD (RLUSD) $ 0.999760
  • bitget-tokenBitget Token (BGB) $ 2.20
  • internet-computerInternet Computer (ICP) $ 2.75
  • htx-daoHTX DAO (HTX) $ 0.000002
  • ethereum-classicEthereum Classic (ETC) $ 9.00
  • ondo-financeOndo (ONDO) $ 0.284428
  • bfusdBFUSD (BFUSD) $ 0.999599
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.12
  • pump-funPump.fun (PUMP) $ 0.002094
  • worldcoin-wldWorldcoin (WLD) $ 0.394083
  • gatechain-tokenGate (GT) $ 7.33
  • kucoin-sharesKuCoin (KCS) $ 8.50
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 11.02
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.00
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.101346
  • morphoMorpho (MORPHO) $ 1.87
  • ethenaEthena (ENA) $ 0.117848
  • cosmosCosmos Hub (ATOM) $ 1.97
  • jito-staked-solJito Staked SOL (JITOSOL) $ 124.46
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.21
  • render-tokenRender (RENDER) $ 1.86
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,404.69
  • nexoNEXO (NEXO) $ 0.925843
  • official-trumpOfficial Trump (TRUMP) $ 3.91
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,262.26
  • kaspaKaspa (KAS) $ 0.033172
  • rocket-pool-ethRocket Pool ETH (RETH) $ 2,631.35
  • algorandAlgorand (ALGO) $ 0.095486
  • midnight-3Midnight (NIGHT) $ 0.051148
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999945
  • usdtbUSDtb (USDTB) $ 1.00
  • aptosAptos (APT) $ 1.00
  • wbnbWrapped BNB (WBNB) $ 759.61
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.10
  • ignition-fbtcFunction FBTC (FBTC) $ 76,389.00
  • flare-networksFlare (FLR) $ 0.008852
  • filecoinFilecoin (FIL) $ 0.972104
  • usddUSDD (USDD) $ 0.999841
  • ousgOUSG (OUSG) $ 114.58
  • hash-2Provenance Blockchain (HASH) $ 0.012456
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • xdce-crowd-saleXDC Network (XDC) $ 0.033626
  • vechainVeChain (VET) $ 0.007685
  • arbitrumArbitrum (ARB) $ 0.108873
  • binance-staked-solBinance Staked SOL (BNSOL) $ 108.24
  • beldexBeldex (BDX) $ 0.080378
  • yldsYLDS (YLDS) $ 0.999981
  • jupiter-exchange-solanaJupiter (JUP) $ 0.169182
  • ghoGHO (GHO) $ 0.999941
  • bonkBonk (BONK) $ 0.000007
  • stable-2​​Stable (STABLE) $ 0.027449
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999720
  • usual-usdUsual USD (USD0) $ 0.995802
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 76,461.00
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.235334
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 76,491.00
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.785840
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.51
  • true-usdTrueUSD (TUSD) $ 0.999601
  • clbtcclBTC (CLBTC) $ 76,920.00
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.007856
  • justJUST (JST) $ 0.055962
  • a7a5A7A5 (A7A5) $ 0.012319
  • blockstackStacks (STX) $ 0.261906
  • fasttokenFasttoken (FTN) $ 1.09
  • decredDecred (DCR) $ 27.05
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 2,419.84
  • sei-networkSei (SEI) $ 0.069060
  • layerzeroLayerZero (ZRO) $ 2.27
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 33.97
  • dashDash (DASH) $ 35.47
  • tbtctBTC (TBTC) $ 70,942.00
  • euro-coinEURC (EURC) $ 1.15
  • wrappedm-by-m0WrappedM by M0 (WM) $ 1.00
  • ether-fiEther.fi (ETHFI) $ 0.578286
  • riverRiver (RIVER) $ 21.70
  • tezosTezos (XTZ) $ 0.394337
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.03
  • chilizChiliz (CHZ) $ 0.039455
  • kinesis-goldKinesis Gold (KAU) $ 160.48
  • c8ntinuumc8ntinuum (CTM) $ 0.087592
  • gnosisGnosis (GNO) $ 144.07
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,455.82
  • kite-2Kite (KITE) $ 0.210224
  • first-digital-usdFirst Digital USD (FDUSD) $ 1.00
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999983
  • curve-dao-tokenCurve DAO (CRV) $ 0.250674
  • resolv-wstusrResolv wstUSR (WSTUSR) $ 1.13
  • usxUSX (USX) $ 0.999537
  • cocaCOCA (COCA) $ 1.30
  • conflux-tokenConflux (CFX) $ 0.066370
  • bittorrentBitTorrent (BTT) $ 0.00000035
  • celestiaCelestia (TIA) $ 0.376333
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 2,406.26
  • adi-tokenADI (ADI) $ 3.41
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 76,200.00
  • apenftAINFT (NFT) $ 0.00000033
  • usdaiUSDai (USDAI) $ 0.999755
  • siren-2Siren (SIREN) $ 0.453068
  • hastra-primePRIME (PRIME) $ 1.03
  • wrapped-flareWrapped Flare (WFLR) $ 0.009961
  • injective-protocolInjective (INJ) $ 3.25
  • aerodrome-financeAerodrome Finance (AERO) $ 0.351051
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,266.86
  • sun-tokenSun Token (SUN) $ 0.016776
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.12
  • kaiaKaia (KAIA) $ 0.054763
  • spx6900SPX6900 (SPX) $ 0.339038
  • syrupMaple Finance (SYRUP) $ 0.270546
  • flokiFLOKI (FLOKI) $ 0.000032
  • bitcoin-svBitcoin SV (BSV) $ 15.22
  • binance-peg-xrpBinance-Peg XRP (XRP) $ 1.59
  • jasmycoinJasmyCoin (JASMY) $ 0.005946
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 2,443.47
  • lighterLighter (LIT) $ 1.17
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,421.84
  • the-graphThe Graph (GRT) $ 0.027828
  • pyth-networkPyth Network (PYTH) $ 0.050040
  • sbtc-2sBTC (SBTC) $ 77,039.00
  • iotaIOTA (IOTA) $ 0.066365
  • optimismOptimism (OP) $ 0.134248
  • doublezeroDoubleZero (2Z) $ 0.081393
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 115.56
  • venice-tokenVenice Token (VVV) $ 6.29
  • savings-usddSavings USDD (SUSDD) $ 1.03
  • story-2Story (IP) $ 0.794365
  • lido-daoLido DAO (LDO) $ 0.327012
  • fraxLegacy Frax Dollar (FRAX) $ 0.993470
  • msolMarinade Staked SOL (MSOL) $ 133.18
  • olympusOlympus (OHM) $ 17.14
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,265.06
  • official-foOfficial FO (FO) $ 0.265790
  • plasmaPlasma (XPL) $ 0.118098
  • ape-and-pepeApe and Pepe (APEPE) $ 0.000001
  • monadMonad (MON) $ 0.023958
  • staked-aaveStaked Aave (STKAAVE) $ 126.65
Bitcoin

New React bug that can drain all your tokens is impacting ‘thousands of’ websites

By admin
0 72

New React bug that can drain all your tokens is impacting 'thousands of' websites

A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites — including crypto platforms — at immediate risk with users possibly seeing all their assets drained, if impacted.

The flaw, tracked as CVE-2025-55182 and nicknamed React2Shell, allows attackers to execute code remotely on affected servers without authentication. React’s maintainers disclosed the issue on Dec. 3 and assigned it the highest possible severity score.

Shortly after disclosure, GTIG observed widespread exploitation by both financially motivated criminals and suspected state-backed hacking groups, targeting unpatched React and Next.js applications across cloud environments.

Crypto Drainers using React CVE-2025-55182

We are observing a big uptick in drainers uploaded to legitimate (crypto) websites through exploitation of the recent React CVE.

All websites should review front-end code for any suspicious assets NOW.

— Security Alliance (@_SEAL_Org) December 13, 2025

What the vulnerability does

React Server Components are used to run parts of a web application directly on a server instead of in a user’s browser. The vulnerability stems from how React decodes incoming requests to these server-side functions.

In simple terms, attackers can send a specially crafted web request that tricks the server into running arbitrary commands, or effectively handing over control of the system to the attacker.

The bug affects React versions 19.0 through 19.2.0, including packages used by popular frameworks such as Next.js. Merely having the vulnerable packages installed is often enough to allow exploitation.

How attackers are using it

The Google Threat Intelligence Group (GTIG) documented multiple active campaigns using the flaw to deploy malware, backdoors and crypto-mining software.

Some attackers began exploiting the flaw within days of disclosure to install Monero mining software. These attacks quietly consume server resources and electricity, generating profits for attackers while degrading system performance for victims.

Crypto platforms rely heavily on modern JavaScript frameworks such as React and Next.js, often handling wallet interactions, transaction signing and permit approvals through front-end code.

If a website is compromised, attackers can inject malicious scripts that intercept wallet interactions or redirect transactions to their own wallets— even if the underlying blockchain protocol remains secure.

That makes front-end vulnerabilities particularly dangerous for users who sign transactions through browser wallets.

Source

admin 19086 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.