• bitcoinBitcoin (BTC) $ 96,526.00
  • ethereumEthereum (ETH) $ 3,323.66
  • tetherTether (USDT) $ 0.999666
  • bnbBNB (BNB) $ 939.09
  • xrpXRP (XRP) $ 2.09
  • solanaSolana (SOL) $ 143.28
  • usd-coinUSDC (USDC) $ 0.999731
  • staked-etherLido Staked Ether (STETH) $ 3,325.53
  • tronTRON (TRX) $ 0.309349
  • dogecoinDogecoin (DOGE) $ 0.141452
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.04
  • cardanoCardano (ADA) $ 0.397909
  • wrapped-stethWrapped stETH (WSTETH) $ 4,071.55
  • moneroMonero (XMR) $ 702.31
  • whitebitWhiteBIT Coin (WBT) $ 57.98
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 3,615.56
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 96,239.00
  • bitcoin-cashBitcoin Cash (BCH) $ 590.03
  • wrapped-eethWrapped eETH (WEETH) $ 3,608.86
  • chainlinkChainlink (LINK) $ 13.91
  • usdsUSDS (USDS) $ 0.999599
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.999791
  • wethWETH (WETH) $ 3,323.70
  • leo-tokenLEO Token (LEO) $ 8.89
  • stellarStellar (XLM) $ 0.230790
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 96,556.00
  • zcashZcash (ZEC) $ 417.80
  • suiSui (SUI) $ 1.80
  • ethena-usdeEthena USDe (USDE) $ 0.999765
  • avalanche-2Avalanche (AVAX) $ 13.98
  • hyperliquidHyperliquid (HYPE) $ 24.92
  • litecoinLitecoin (LTC) $ 72.96
  • hedera-hashgraphHedera (HBAR) $ 0.120193
  • shiba-inuShiba Inu (SHIB) $ 0.000008
  • canton-networkCanton (CC) $ 0.130811
  • usdt0USDT0 (USDT0) $ 0.999679
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.170578
  • daiDai (DAI) $ 0.999582
  • susdssUSDS (SUSDS) $ 1.08
  • the-open-networkToncoin (TON) $ 1.75
  • crypto-com-chainCronos (CRO) $ 0.101594
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.21
  • paypal-usdPayPal USD (PYUSD) $ 0.999969
  • polkadotPolkadot (DOT) $ 2.16
  • usd1-wlfiUSD1 (USD1) $ 0.999220
  • uniswapUniswap (UNI) $ 5.40
  • rainRain (RAIN) $ 0.009745
  • mantleMantle (MNT) $ 0.961661
  • memecoreMemeCore (M) $ 1.61
  • bittensorBittensor (TAO) $ 283.28
  • aaveAave (AAVE) $ 173.62
  • bitget-tokenBitget Token (BGB) $ 3.71
  • pepePepe (PEPE) $ 0.000006
  • okbOKB (OKB) $ 114.77
  • tether-goldTether Gold (XAUT) $ 4,601.99
  • internet-computerInternet Computer (ICP) $ 4.25
  • nearNEAR Protocol (NEAR) $ 1.75
  • falcon-financeFalcon USD (USDF) $ 0.997126
  • jito-staked-solJito Staked SOL (JITOSOL) $ 179.58
  • binance-peg-wethBinance-Peg WETH (WETH) $ 3,325.52
  • ethereum-classicEthereum Classic (ETC) $ 12.81
  • ethenaEthena (ENA) $ 0.228273
  • pax-goldPAX Gold (PAXG) $ 4,618.32
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • pi-networkPi Network (PI) $ 0.206149
  • aster-2Aster (ASTER) $ 0.725388
  • pump-funPump.fun (PUMP) $ 0.002882
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.91
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.152393
  • binance-staked-solBinance Staked SOL (BNSOL) $ 156.45
  • htx-daoHTX DAO (HTX) $ 0.000002
  • worldcoin-wldWorldcoin (WLD) $ 0.575007
  • kucoin-sharesKuCoin (KCS) $ 11.57
  • global-dollarGlobal Dollar (USDG) $ 0.999753
  • hashnote-usycCircle USYC (USYC) $ 1.11
  • aptosAptos (APT) $ 1.85
  • wbnbWrapped BNB (WBNB) $ 939.33
  • ripple-usdRipple USD (RLUSD) $ 0.999285
  • rocket-pool-ethRocket Pool ETH (RETH) $ 3,837.33
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • skySky (SKY) $ 0.059497
  • bfusdBFUSD (BFUSD) $ 0.999149
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999683
  • kaspaKaspa (KAS) $ 0.046519
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 3,527.27
  • ondo-financeOndo (ONDO) $ 0.383660
  • cosmosCosmos Hub (ATOM) $ 2.48
  • arbitrumArbitrum (ARB) $ 0.210314
  • gatechain-tokenGate (GT) $ 10.45
  • algorandAlgorand (ALGO) $ 0.131649
  • render-tokenRender (RENDER) $ 2.24
  • hash-2Provenance Blockchain (HASH) $ 0.021528
  • filecoinFilecoin (FIL) $ 1.51
  • official-trumpOfficial Trump (TRUMP) $ 5.41
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 96,676.00
  • ignition-fbtcFunction FBTC (FBTC) $ 96,046.00
  • myx-financeMYX Finance (MYX) $ 5.48
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 96,082.00
  • midnight-3Midnight (NIGHT) $ 0.060914
  • vechainVeChain (VET) $ 0.011732
  • dashDash (DASH) $ 78.37
  • nexoNEXO (NEXO) $ 0.967924
  • usddUSDD (USDD) $ 0.999332
  • bonkBonk (BONK) $ 0.000011
  • flare-networksFlare (FLR) $ 0.011291
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 3,542.29
  • mantle-staked-etherMantle Staked Ether (METH) $ 3,599.04
  • usdtbUSDtb (USDTB) $ 0.999321
  • xdce-crowd-saleXDC Network (XDC) $ 0.044460
  • story-2Story (IP) $ 2.40
  • ousgOUSG (OUSG) $ 113.97
  • sei-networkSei (SEI) $ 0.121894
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999608
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.012426
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 96,090.00
  • wrappedm-by-m0WrappedM by M0 (WM) $ 0.997679
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.02
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 10.96
  • morphoMorpho (MORPHO) $ 1.40
  • clbtcclBTC (CLBTC) $ 96,264.00
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 3,552.70
  • pancakeswap-tokenPancakeSwap (CAKE) $ 2.15
  • jupiter-exchange-solanaJupiter (JUP) $ 0.223889
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 166.47
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.12
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 3,531.70
  • beldexBeldex (BDX) $ 0.090214
  • optimismOptimism (OP) $ 0.345723
  • blockstackStacks (STX) $ 0.374902
  • usdaiUSDai (USDAI) $ 1.00
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 1.01
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 3,324.01
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • wrapped-flareWrapped Flare (WFLR) $ 0.011296
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.279975
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999832
  • tezosTezos (XTZ) $ 0.584129
  • curve-dao-tokenCurve DAO (CRV) $ 0.423051
  • chilizChiliz (CHZ) $ 0.060048
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.21
  • c8ntinuumc8ntinuum (CTM) $ 0.133466
  • usual-usdUsual USD (USD0) $ 0.996048
  • tbtctBTC (TBTC) $ 96,502.00
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 25.20
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 3,323.69
  • spx6900SPX6900 (SPX) $ 0.580959
  • gtethGTETH (GTETH) $ 3,323.48
  • lido-daoLido DAO (LDO) $ 0.623322
  • injective-protocolInjective (INJ) $ 5.23
  • aerodrome-financeAerodrome Finance (AERO) $ 0.569485
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.999330
  • a7a5A7A5 (A7A5) $ 0.012693
  • ghoGHO (GHO) $ 0.999836
  • true-usdTrueUSD (TUSD) $ 0.999690
  • msolMarinade Staked SOL (MSOL) $ 193.69
  • flokiFLOKI (FLOKI) $ 0.000051
  • celestiaCelestia (TIA) $ 0.566320
  • ether-fiEther.fi (ETHFI) $ 0.745861
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 3,590.74
  • lighterLighter (LIT) $ 1.85
  • fasttokenFasttoken (FTN) $ 1.09
  • stader-ethxStader ETHx (ETHX) $ 3,584.33
  • coinbase-wrapped-staked-ethCoinbase Wrapped Staked ETH (CBETH) $ 3,720.83
  • doublezeroDoubleZero (2Z) $ 0.133839
  • decredDecred (DCR) $ 26.36
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.11
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.09
  • wrapped-apecoinWrapped ApeCoin (WAPE) $ 0.219378
  • the-graphThe Graph (GRT) $ 0.041115
  • sbtc-2sBTC (SBTC) $ 96,950.00
  • starknetStarknet (STRK) $ 0.085996
  • syrupMaple Finance (SYRUP) $ 0.375888
  • staked-aaveStaked Aave (STKAAVE) $ 173.03
  • newton-projectAB (AB) $ 0.004395
  • bittorrentBitTorrent (BTT) $ 0.00000043
  • riverRiver (RIVER) $ 21.41
  • iotaIOTA (IOTA) $ 0.097572
  • jasmycoinJasmyCoin (JASMY) $ 0.008327
  • justJUST (JST) $ 0.041130
  • usdbUSDB (USDB) $ 0.989057
  • sun-tokenSun Token (SUN) $ 0.020835
  • ethereum-name-serviceEthereum Name Service (ENS) $ 10.49
  • wrapped-stx-velarWrapped STX (Velar) (WSTX) $ 0.399255
  • bitcoin-svBitcoin SV (BSV) $ 19.99
  • conflux-tokenConflux (CFX) $ 0.076614
  • trust-wallet-tokenTrust Wallet (TWT) $ 0.938038
  • dogwifcoindogwifhat (WIF) $ 0.386457
  • gnosisGnosis (GNO) $ 146.03
  • fartcoinFartcoin (FARTCOIN) $ 0.378781
  • pyth-networkPyth Network (PYTH) $ 0.065900
  • telcoinTelcoin (TEL) $ 0.003954
  • cap-usdCap USD (CUSD) $ 0.982667
  • humanityHumanity (H) $ 0.204762
  • bitcoin-avalanche-bridged-btc-bAvalanche Bridged BTC (Avalanche) (BTC.B) $ 96,531.00
  • crvusdcrvUSD (CRVUSD) $ 0.998044
  • binance-peg-dogecoinBinance-Peg Dogecoin (DOGE) $ 0.141608
  • pendlePendle (PENDLE) $ 2.14
  • apenftAINFT (NFT) $ 0.00000036
  • kaiaKaia (KAIA) $ 0.060897
  • euro-coinEURC (EURC) $ 1.16
Bitcoin

New React bug that can drain all your tokens is impacting ‘thousands of’ websites

By admin
0 29

New React bug that can drain all your tokens is impacting 'thousands of' websites

A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites — including crypto platforms — at immediate risk with users possibly seeing all their assets drained, if impacted.

The flaw, tracked as CVE-2025-55182 and nicknamed React2Shell, allows attackers to execute code remotely on affected servers without authentication. React’s maintainers disclosed the issue on Dec. 3 and assigned it the highest possible severity score.

Shortly after disclosure, GTIG observed widespread exploitation by both financially motivated criminals and suspected state-backed hacking groups, targeting unpatched React and Next.js applications across cloud environments.

Crypto Drainers using React CVE-2025-55182

We are observing a big uptick in drainers uploaded to legitimate (crypto) websites through exploitation of the recent React CVE.

All websites should review front-end code for any suspicious assets NOW.

— Security Alliance (@_SEAL_Org) December 13, 2025

What the vulnerability does

React Server Components are used to run parts of a web application directly on a server instead of in a user’s browser. The vulnerability stems from how React decodes incoming requests to these server-side functions.

In simple terms, attackers can send a specially crafted web request that tricks the server into running arbitrary commands, or effectively handing over control of the system to the attacker.

The bug affects React versions 19.0 through 19.2.0, including packages used by popular frameworks such as Next.js. Merely having the vulnerable packages installed is often enough to allow exploitation.

How attackers are using it

The Google Threat Intelligence Group (GTIG) documented multiple active campaigns using the flaw to deploy malware, backdoors and crypto-mining software.

Some attackers began exploiting the flaw within days of disclosure to install Monero mining software. These attacks quietly consume server resources and electricity, generating profits for attackers while degrading system performance for victims.

Crypto platforms rely heavily on modern JavaScript frameworks such as React and Next.js, often handling wallet interactions, transaction signing and permit approvals through front-end code.

If a website is compromised, attackers can inject malicious scripts that intercept wallet interactions or redirect transactions to their own wallets— even if the underlying blockchain protocol remains secure.

That makes front-end vulnerabilities particularly dangerous for users who sign transactions through browser wallets.

Source

admin 17064 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.