• bitcoinBitcoin (BTC) $ 77,120.00
  • ethereumEthereum (ETH) $ 2,283.66
  • tetherTether (USDT) $ 0.999505
  • xrpXRP (XRP) $ 1.38
  • bnbBNB (BNB) $ 617.92
  • usd-coinUSDC (USDC) $ 0.999672
  • solanaSolana (SOL) $ 84.15
  • tronTRON (TRX) $ 0.326011
  • staked-etherLido Staked Ether (STETH) $ 2,265.05
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.03
  • dogecoinDogecoin (DOGE) $ 0.109133
  • whitebitWhiteBIT Coin (WBT) $ 57.82
  • usdsUSDS (USDS) $ 0.999817
  • hyperliquidHyperliquid (HYPE) $ 40.31
  • leo-tokenLEO Token (LEO) $ 10.31
  • wrapped-stethWrapped stETH (WSTETH) $ 2,779.67
  • cardanoCardano (ADA) $ 0.249564
  • bitcoin-cashBitcoin Cash (BCH) $ 444.03
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 76,243.00
  • moneroMonero (XMR) $ 383.45
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.998762
  • chainlinkChainlink (LINK) $ 9.17
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 2,466.93
  • zcashZcash (ZEC) $ 347.87
  • canton-networkCanton (CC) $ 0.150355
  • stellarStellar (XLM) $ 0.159602
  • wrapped-eethWrapped eETH (WEETH) $ 2,465.31
  • usd1-wlfiUSD1 (USD1) $ 0.999676
  • daiDai (DAI) $ 0.999699
  • susdssUSDS (SUSDS) $ 1.08
  • litecoinLitecoin (LTC) $ 55.39
  • memecoreMemeCore (M) $ 3.20
  • avalanche-2Avalanche (AVAX) $ 9.13
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 76,366.00
  • ethena-usdeEthena USDe (USDE) $ 0.999077
  • hedera-hashgraphHedera (HBAR) $ 0.088227
  • rainRain (RAIN) $ 0.007896
  • wethWETH (WETH) $ 2,268.37
  • shiba-inuShiba Inu (SHIB) $ 0.000006
  • suiSui (SUI) $ 0.918545
  • paypal-usdPayPal USD (PYUSD) $ 0.999942
  • usdt0USDT0 (USDT0) $ 0.998824
  • the-open-networkToncoin (TON) $ 1.33
  • crypto-com-chainCronos (CRO) $ 0.068249
  • hashnote-usycCircle USYC (USYC) $ 1.12
  • tether-goldTether Gold (XAUT) $ 4,600.63
  • global-dollarGlobal Dollar (USDG) $ 0.999787
  • bittensorBittensor (TAO) $ 253.26
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.22
  • pax-goldPAX Gold (PAXG) $ 4,602.34
  • mantleMantle (MNT) $ 0.630674
  • uniswapUniswap (UNI) $ 3.22
  • polkadotPolkadot (DOT) $ 1.21
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.061286
  • skySky (SKY) $ 0.081196
  • pi-networkPi Network (PI) $ 0.181116
  • falcon-financeFalcon USD (USDF) $ 0.996620
  • okbOKB (OKB) $ 83.18
  • nearNEAR Protocol (NEAR) $ 1.31
  • little-pepe-5Little Pepe (LILPEPE) $ 2.16
  • aster-2Aster (ASTER) $ 0.652357
  • pepePepe (PEPE) $ 0.000004
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • htx-daoHTX DAO (HTX) $ 0.000002
  • usddUSDD (USDD) $ 0.999784
  • ripple-usdRipple USD (RLUSD) $ 0.999866
  • aaveAave (AAVE) $ 93.23
  • bitget-tokenBitget Token (BGB) $ 2.01
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.13
  • internet-computerInternet Computer (ICP) $ 2.39
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.10
  • bfusdBFUSD (BFUSD) $ 0.998609
  • ethereum-classicEthereum Classic (ETC) $ 8.41
  • ondo-financeOndo (ONDO) $ 0.267482
  • morphoMorpho (MORPHO) $ 1.99
  • kucoin-sharesKuCoin (KCS) $ 8.49
  • united-stablesUnited Stables (U) $ 1.00
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.00
  • quant-networkQuant (QNT) $ 69.12
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.094611
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.23
  • algorandAlgorand (ALGO) $ 0.109818
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 11.07
  • jito-staked-solJito Staked SOL (JITOSOL) $ 124.46
  • blockchain-capitalBlockchain Capital (BCAP) $ 105.75
  • cosmosCosmos Hub (ATOM) $ 1.89
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,404.69
  • ethenaEthena (ENA) $ 0.103814
  • nexoNEXO (NEXO) $ 0.901485
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,262.26
  • kaspaKaspa (KAS) $ 0.032624
  • rocket-pool-ethRocket Pool ETH (RETH) $ 2,631.35
  • render-tokenRender (RENDER) $ 1.70
  • aptosAptos (APT) $ 1.04
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999945
  • gatechain-tokenGate (GT) $ 7.27
  • worldcoin-wldWorldcoin (WLD) $ 0.242838
  • wbnbWrapped BNB (WBNB) $ 759.61
  • arbitrumArbitrum (ARB) $ 0.125973
  • ignition-fbtcFunction FBTC (FBTC) $ 76,389.00
  • justJUST (JST) $ 0.089653
  • stable-2​​Stable (STABLE) $ 0.033781
  • filecoinFilecoin (FIL) $ 0.931270
  • pump-funPump.fun (PUMP) $ 0.001808
  • flare-networksFlare (FLR) $ 0.007492
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.009917
  • beldexBeldex (BDX) $ 0.079808
  • ousgOUSG (OUSG) $ 115.09
  • binance-staked-solBinance Staked SOL (BNSOL) $ 108.24
  • jupiter-exchange-solanaJupiter (JUP) $ 0.184123
  • vechainVeChain (VET) $ 0.007084
  • xdce-crowd-saleXDC Network (XDC) $ 0.029544
  • usdtbUSDtb (USDTB) $ 1.00
  • hash-2Provenance Blockchain (HASH) $ 0.011164
  • ghoGHO (GHO) $ 0.999515
  • new-x-ceo-is-backNEW X CEO IS BACK (XFLOKI) $ 0.506041
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999720
  • usual-usdUsual USD (USD0) $ 0.998992
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 76,461.00
  • official-trumpOfficial Trump (TRUMP) $ 2.39
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 76,491.00
  • bonkBonk (BONK) $ 0.000006
  • midnight-3Midnight (NIGHT) $ 0.032718
  • dexeDeXe (DEXE) $ 11.34
  • clbtcclBTC (CLBTC) $ 76,920.00
  • yldsYLDS (YLDS) $ 0.999978
  • true-usdTrueUSD (TUSD) $ 0.999408
  • a7a5A7A5 (A7A5) $ 0.012443
  • siren-2Siren (SIREN) $ 0.661838
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.45
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.701729
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 2,419.84
  • dashDash (DASH) $ 35.57
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.198299
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 33.97
  • tbtctBTC (TBTC) $ 70,942.00
  • euro-coinEURC (EURC) $ 1.17
  • edgexedgeX (EDGE) $ 1.24
  • wrappedm-by-m0WrappedM by M0 (WM) $ 1.00
  • chilizChiliz (CHZ) $ 0.041936
  • aerodrome-financeAerodrome Finance (AERO) $ 0.462095
  • adi-tokenADI (ADI) $ 4.07
  • terra-lunaTerra Luna Classic (LUNC) $ 0.000076
  • blockstackStacks (STX) $ 0.223709
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.03
  • c8ntinuumc8ntinuum (CTM) $ 0.087592
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.998804
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,455.82
  • venice-tokenVenice Token (VVV) $ 8.80
  • tezosTezos (XTZ) $ 0.366546
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999983
  • sei-networkSei (SEI) $ 0.057933
  • resolv-wstusrResolv wstUSR (WSTUSR) $ 1.13
  • usxUSX (USX) $ 0.999552
  • cocaCOCA (COCA) $ 1.30
  • skyaiSkyAI (SKYAI) $ 0.379569
  • layerzeroLayerZero (ZRO) $ 1.44
  • megausdMegaUSD (USDM) $ 0.998510
  • doge-strategyDoge Strategy (DOGESTR) $ 0.288297
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 2,406.26
  • kinesis-goldKinesis Gold (KAU) $ 149.58
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 76,200.00
  • curve-dao-tokenCurve DAO (CRV) $ 0.236754
  • humanityHumanity (H) $ 0.191420
  • sun-tokenSun Token (SUN) $ 0.018472
  • spx6900SPX6900 (SPX) $ 0.375672
  • wrapped-flareWrapped Flare (WFLR) $ 0.009961
  • injective-protocolInjective (INJ) $ 3.47
  • manadiaManadia (UMXM) $ 1.67
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,266.86
  • ether-fiEther.fi (ETHFI) $ 0.413311
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.12
  • monadMonad (MON) $ 0.029184
  • bianrensheng币安人生 (BinanceLife) (币安人生) $ 0.340660
  • zebec-networkZebec Network (ZBCN) $ 0.003384
  • gnosisGnosis (GNO) $ 123.69
  • hastra-primePRIME (PRIME) $ 1.03
  • binance-peg-xrpBinance-Peg XRP (XRP) $ 1.59
  • celestiaCelestia (TIA) $ 0.356923
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 2,443.47
  • bitcoin-svBitcoin SV (BSV) $ 15.90
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,421.84
  • decredDecred (DCR) $ 18.25
  • flokiFLOKI (FLOKI) $ 0.000033
  • noonNoon (NOON) $ 0.751949
  • sbtc-2sBTC (SBTC) $ 77,039.00
  • bittorrentBitTorrent (BTT) $ 0.00000032
  • apenftAINFT (NFT) $ 0.00000032
  • lido-daoLido DAO (LDO) $ 0.369046
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 115.56
  • conflux-tokenConflux (CFX) $ 0.059675
  • savings-usddSavings USDD (SUSDD) $ 1.03
  • usdgoUSDGO (USDGO) $ 0.999874
  • olympusOlympus (OHM) $ 19.16
  • crvusdcrvUSD (CRVUSD) $ 0.999574
  • msolMarinade Staked SOL (MSOL) $ 133.18
  • doublezeroDoubleZero (2Z) $ 0.082189
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,265.06
Bitcoin

New React bug that can drain all your tokens is impacting ‘thousands of’ websites

By admin
0 89

New React bug that can drain all your tokens is impacting 'thousands of' websites

A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites — including crypto platforms — at immediate risk with users possibly seeing all their assets drained, if impacted.

The flaw, tracked as CVE-2025-55182 and nicknamed React2Shell, allows attackers to execute code remotely on affected servers without authentication. React’s maintainers disclosed the issue on Dec. 3 and assigned it the highest possible severity score.

Shortly after disclosure, GTIG observed widespread exploitation by both financially motivated criminals and suspected state-backed hacking groups, targeting unpatched React and Next.js applications across cloud environments.

Crypto Drainers using React CVE-2025-55182

We are observing a big uptick in drainers uploaded to legitimate (crypto) websites through exploitation of the recent React CVE.

All websites should review front-end code for any suspicious assets NOW.

— Security Alliance (@_SEAL_Org) December 13, 2025

What the vulnerability does

React Server Components are used to run parts of a web application directly on a server instead of in a user’s browser. The vulnerability stems from how React decodes incoming requests to these server-side functions.

In simple terms, attackers can send a specially crafted web request that tricks the server into running arbitrary commands, or effectively handing over control of the system to the attacker.

The bug affects React versions 19.0 through 19.2.0, including packages used by popular frameworks such as Next.js. Merely having the vulnerable packages installed is often enough to allow exploitation.

How attackers are using it

The Google Threat Intelligence Group (GTIG) documented multiple active campaigns using the flaw to deploy malware, backdoors and crypto-mining software.

Some attackers began exploiting the flaw within days of disclosure to install Monero mining software. These attacks quietly consume server resources and electricity, generating profits for attackers while degrading system performance for victims.

Crypto platforms rely heavily on modern JavaScript frameworks such as React and Next.js, often handling wallet interactions, transaction signing and permit approvals through front-end code.

If a website is compromised, attackers can inject malicious scripts that intercept wallet interactions or redirect transactions to their own wallets— even if the underlying blockchain protocol remains secure.

That makes front-end vulnerabilities particularly dangerous for users who sign transactions through browser wallets.

Source

admin 20598 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.