• bitcoinBitcoin (BTC) $ 87,076.00
  • ethereumEthereum (ETH) $ 2,950.53
  • tetherTether (USDT) $ 0.999962
  • bnbBNB (BNB) $ 862.81
  • xrpXRP (XRP) $ 1.91
  • usd-coinUSDC (USDC) $ 1.00
  • tronTRON (TRX) $ 0.279401
  • staked-etherLido Staked Ether (STETH) $ 2,947.79
  • dogecoinDogecoin (DOGE) $ 0.130897
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.03
  • cardanoCardano (ADA) $ 0.387675
  • whitebitWhiteBIT Coin (WBT) $ 58.02
  • wrapped-stethWrapped stETH (WSTETH) $ 3,603.49
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 86,840.00
  • bitcoin-cashBitcoin Cash (BCH) $ 536.81
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 3,201.07
  • usdsUSDS (USDS) $ 0.999831
  • chainlinkChainlink (LINK) $ 12.88
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.999795
  • wrapped-eethWrapped eETH (WEETH) $ 3,195.81
  • leo-tokenLEO Token (LEO) $ 9.23
  • moneroMonero (XMR) $ 416.43
  • wethWETH (WETH) $ 2,949.36
  • hyperliquidHyperliquid (HYPE) $ 27.13
  • stellarStellar (XLM) $ 0.220716
  • zcashZcash (ZEC) $ 392.87
  • ethena-usdeEthena USDe (USDE) $ 0.999179
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 87,075.00
  • litecoinLitecoin (LTC) $ 78.50
  • suiSui (SUI) $ 1.50
  • avalanche-2Avalanche (AVAX) $ 12.33
  • hedera-hashgraphHedera (HBAR) $ 0.115400
  • usdt0USDT0 (USDT0) $ 0.999997
  • susdssUSDS (SUSDS) $ 1.08
  • shiba-inuShiba Inu (SHIB) $ 0.000008
  • daiDai (DAI) $ 0.999576
  • mantleMantle (MNT) $ 1.26
  • paypal-usdPayPal USD (PYUSD) $ 0.999673
  • the-open-networkToncoin (TON) $ 1.52
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.133421
  • crypto-com-chainCronos (CRO) $ 0.095864
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.21
  • uniswapUniswap (UNI) $ 5.11
  • polkadotPolkadot (DOT) $ 1.92
  • memecoreMemeCore (M) $ 1.68
  • aaveAave (AAVE) $ 188.34
  • usd1-wlfiUSD1 (USD1) $ 0.999191
  • canton-networkCanton (CC) $ 0.073558
  • rainRain (RAIN) $ 0.007801
  • bittensorBittensor (TAO) $ 264.71
  • bitget-tokenBitget Token (BGB) $ 3.55
  • okbOKB (OKB) $ 107.40
  • tether-goldTether Gold (XAUT) $ 4,277.36
  • falcon-financeFalcon USD (USDF) $ 0.998901
  • nearNEAR Protocol (NEAR) $ 1.55
  • ethereum-classicEthereum Classic (ETC) $ 12.39
  • aster-2Aster (ASTER) $ 0.817987
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • jito-staked-solJito Staked SOL (JITOSOL) $ 160.25
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,949.09
  • pepePepe (PEPE) $ 0.000004
  • ethenaEthena (ENA) $ 0.220314
  • internet-computerInternet Computer (ICP) $ 3.03
  • pi-networkPi Network (PI) $ 0.195608
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.55
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.14
  • solanaWrapped SOL (SOL) $ 128.43
  • hash-2Provenance Blockchain (HASH) $ 0.030985
  • htx-daoHTX DAO (HTX) $ 0.000002
  • pax-goldPAX Gold (PAXG) $ 4,288.22
  • pump-funPump.fun (PUMP) $ 0.002435
  • global-dollarGlobal Dollar (USDG) $ 0.999829
  • hashnote-usycCircle USYC (USYC) $ 1.11
  • kucoin-sharesKuCoin (KCS) $ 10.34
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • worldcoin-wldWorldcoin (WLD) $ 0.536955
  • skySky (SKY) $ 0.057454
  • bfusdBFUSD (BFUSD) $ 0.999266
  • ripple-usdRipple USD (RLUSD) $ 0.999448
  • ondo-financeOndo (ONDO) $ 0.410500
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 1.00
  • rocket-pool-ethRocket Pool ETH (RETH) $ 3,392.41
  • binance-staked-solBinance Staked SOL (BNSOL) $ 139.77
  • gatechain-tokenGate (GT) $ 10.23
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.112711
  • aptosAptos (APT) $ 1.58
  • wbnbWrapped BNB (WBNB) $ 862.83
  • kaspaKaspa (KAS) $ 0.042947
  • arbitrumArbitrum (ARB) $ 0.198125
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 3,127.87
  • official-trumpOfficial Trump (TRUMP) $ 5.28
  • algorandAlgorand (ALGO) $ 0.115633
  • ignition-fbtcFunction FBTC (FBTC) $ 86,423.00
  • cosmosCosmos Hub (ATOM) $ 2.05
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 3,145.23
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 87,113.00
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 86,746.00
  • midnight-3Midnight (NIGHT) $ 0.055711
  • xdce-crowd-saleXDC Network (XDC) $ 0.050151
  • filecoinFilecoin (FIL) $ 1.27
  • nexoNEXO (NEXO) $ 0.924935
  • flare-networksFlare (FLR) $ 0.011465
  • vechainVeChain (VET) $ 0.010769
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 10.92
  • usdtbUSDtb (USDTB) $ 1.00
  • ousgOUSG (OUSG) $ 113.64
  • usddUSDD (USDD) $ 0.999768
  • wrappedm-by-m0WrappedM by M^0 (WM) $ 1.00
  • sei-networkSei (SEI) $ 0.118820
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.02
  • render-tokenRender (RENDER) $ 1.41
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 27.33
  • bonkBonk (BONK) $ 0.000009
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 86,847.00
  • mantle-staked-etherMantle Staked Ether (METH) $ 3,190.88
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.11
  • beldexBeldex (BDX) $ 0.091227
  • pancakeswap-tokenPancakeSwap (CAKE) $ 2.02
  • clbtcclBTC (CLBTC) $ 86,536.00
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999821
  • usdaiUSDai (USDAI) $ 1.01
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 3,151.28
  • myx-financeMYX Finance (MYX) $ 3.41
  • wrapped-flareWrapped Flare (WFLR) $ 0.011467
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.010197
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999929
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 148.44
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,948.33
  • jupiter-exchange-solanaJupiter (JUP) $ 0.191044
  • morphoMorpho (MORPHO) $ 1.10
  • story-2Story (IP) $ 1.72
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.224782
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 3,099.43
  • optimismOptimism (OP) $ 0.292169
  • ultimaUltima (ULTIMA) $ 5,486.79
  • usual-usdUsual USD (USD0) $ 0.997592
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,949.83
  • tbtctBTC (TBTC) $ 86,857.00
  • curve-dao-tokenCurve DAO (CRV) $ 0.363495
  • bridged-wrapped-ether-pundi-aifx-omnilayerBridged Wrapped Ether (Pundi AIFX Omnilayer) (WETH) $ 35,382,014.00
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.998651
  • dashDash (DASH) $ 41.14
  • injective-protocolInjective (INJ) $ 4.98
  • lido-daoLido DAO (LDO) $ 0.554671
  • tezosTezos (XTZ) $ 0.462202
  • true-usdTrueUSD (TUSD) $ 0.995882
  • cgeth-hashkey-cloudcgETH Hashkey Cloud (CGETH.HASH) $ 2,460.42
  • aerodrome-financeAerodrome Finance (AERO) $ 0.540055
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.23
  • blockstackStacks (STX) $ 0.265112
  • ether-fiEther.fi (ETHFI) $ 0.793441
  • spx6900SPX6900 (SPX) $ 0.514162
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.719748
  • gtethGTETH (GTETH) $ 2,954.18
  • starknetStarknet (STRK) $ 0.094991
  • pippinpippin (PIPPIN) $ 0.468115
  • ghoGHO (GHO) $ 0.999476
  • newton-projectAB (AB) $ 0.004927
  • msolMarinade Staked SOL (MSOL) $ 172.73
  • stader-ethxStader ETHx (ETHX) $ 3,174.87
  • celestiaCelestia (TIA) $ 0.508508
  • wrapped-apecoinWrapped ApeCoin (WAPE) $ 0.213785
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 3,139.55
  • merlin-chainMerlin Chain (MERL) $ 0.399560
  • flokiFLOKI (FLOKI) $ 0.000043
  • the-graphThe Graph (GRT) $ 0.038681
  • kaiaKaia (KAIA) $ 0.070205
  • usdbUSDB (USDB) $ 1.01
  • trust-wallet-tokenTrust Wallet (TWT) $ 0.972990
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.11
  • justJUST (JST) $ 0.039641
  • swethSwell Ethereum (SWETH) $ 3,233.31
  • lorenzo-wrapped-bitcoinLorenzo Wrapped Bitcoin (ENZOBTC) $ 90,454.00
  • bittorrentBitTorrent (BTT) $ 0.00000040
  • sun-tokenSun Token (SUN) $ 0.020233
  • telcoinTelcoin (TEL) $ 0.004084
  • iotaIOTA (IOTA) $ 0.091746
  • coinbase-wrapped-staked-ethCoinbase Wrapped Staked ETH (CBETH) $ 3,281.45
  • sbtc-2sBTC (SBTC) $ 86,500.00
  • doublezeroDoubleZero (2Z) $ 0.109137
  • ethereum-name-serviceEthereum Name Service (ENS) $ 9.80
  • dogwifcoindogwifhat (WIF) $ 0.374663
  • conflux-tokenConflux (CFX) $ 0.071367
  • bitcoin-svBitcoin SV (BSV) $ 18.32
  • olympusOlympus (OHM) $ 22.05
  • audieraAudiera (BEAT) $ 2.55
  • bitcoin-avalanche-bridged-btc-bAvalanche Bridged BTC (Avalanche) (BTC.B) $ 87,029.00
  • apenftAINFT (NFT) $ 0.00000035
  • pyth-networkPyth Network (PYTH) $ 0.059383
  • euro-coinEURC (EURC) $ 1.18
  • binance-peg-dogecoinBinance-Peg Dogecoin (DOGE) $ 0.130835
  • basic-attention-tokenBasic Attention (BAT) $ 0.224197
  • fartcoinFartcoin (FARTCOIN) $ 0.332773
  • kinesis-goldKinesis Gold (KAU) $ 138.25
  • pendlePendle (PENDLE) $ 2.00
  • theta-tokenTheta Network (THETA) $ 0.327130
  • usxUSX (USX) $ 0.999415
  • crvusdcrvUSD (CRVUSD) $ 0.999596
  • decredDecred (DCR) $ 18.43
  • the-sandboxThe Sandbox (SAND) $ 0.121065
Bitcoin

New React bug that can drain all your tokens is impacting ‘thousands of’ websites

By admin
0 3

New React bug that can drain all your tokens is impacting 'thousands of' websites

A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites — including crypto platforms — at immediate risk with users possibly seeing all their assets drained, if impacted.

The flaw, tracked as CVE-2025-55182 and nicknamed React2Shell, allows attackers to execute code remotely on affected servers without authentication. React’s maintainers disclosed the issue on Dec. 3 and assigned it the highest possible severity score.

Shortly after disclosure, GTIG observed widespread exploitation by both financially motivated criminals and suspected state-backed hacking groups, targeting unpatched React and Next.js applications across cloud environments.

Crypto Drainers using React CVE-2025-55182

We are observing a big uptick in drainers uploaded to legitimate (crypto) websites through exploitation of the recent React CVE.

All websites should review front-end code for any suspicious assets NOW.

— Security Alliance (@_SEAL_Org) December 13, 2025

What the vulnerability does

React Server Components are used to run parts of a web application directly on a server instead of in a user’s browser. The vulnerability stems from how React decodes incoming requests to these server-side functions.

In simple terms, attackers can send a specially crafted web request that tricks the server into running arbitrary commands, or effectively handing over control of the system to the attacker.

The bug affects React versions 19.0 through 19.2.0, including packages used by popular frameworks such as Next.js. Merely having the vulnerable packages installed is often enough to allow exploitation.

How attackers are using it

The Google Threat Intelligence Group (GTIG) documented multiple active campaigns using the flaw to deploy malware, backdoors and crypto-mining software.

Some attackers began exploiting the flaw within days of disclosure to install Monero mining software. These attacks quietly consume server resources and electricity, generating profits for attackers while degrading system performance for victims.

Crypto platforms rely heavily on modern JavaScript frameworks such as React and Next.js, often handling wallet interactions, transaction signing and permit approvals through front-end code.

If a website is compromised, attackers can inject malicious scripts that intercept wallet interactions or redirect transactions to their own wallets— even if the underlying blockchain protocol remains secure.

That makes front-end vulnerabilities particularly dangerous for users who sign transactions through browser wallets.

Source

admin 16088 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.