• bitcoinBitcoin (BTC) $ 83,077.00
  • ethereumEthereum (ETH) $ 2,725.24
  • tetherTether (USDT) $ 0.998559
  • bnbBNB (BNB) $ 849.58
  • xrpXRP (XRP) $ 1.76
  • usd-coinUSDC (USDC) $ 0.999685
  • jusdJUSD (JUSD) $ 0.999053
  • tronTRON (TRX) $ 0.292239
  • staked-etherLido Staked Ether (STETH) $ 2,724.84
  • dogecoinDogecoin (DOGE) $ 0.116224
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.04
  • cardanoCardano (ADA) $ 0.326018
  • wrapped-stethWrapped stETH (WSTETH) $ 3,338.69
  • bitcoin-cashBitcoin Cash (BCH) $ 552.45
  • whitebitWhiteBIT Coin (WBT) $ 51.11
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 82,777.00
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 2,965.76
  • usdsUSDS (USDS) $ 0.999778
  • wrapped-eethWrapped eETH (WEETH) $ 2,960.37
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.998503
  • leo-tokenLEO Token (LEO) $ 9.21
  • moneroMonero (XMR) $ 452.51
  • chainlinkChainlink (LINK) $ 10.79
  • hyperliquidHyperliquid (HYPE) $ 29.30
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 82,972.00
  • ethena-usdeEthena USDe (USDE) $ 0.997818
  • canton-networkCanton (CC) $ 0.171922
  • stellarStellar (XLM) $ 0.193247
  • wethWETH (WETH) $ 2,723.90
  • zcashZcash (ZEC) $ 335.47
  • usd1-wlfiUSD1 (USD1) $ 0.999456
  • litecoinLitecoin (LTC) $ 65.06
  • suiSui (SUI) $ 1.29
  • avalanche-2Avalanche (AVAX) $ 10.95
  • usdt0USDT0 (USDT0) $ 0.998616
  • daiDai (DAI) $ 0.999546
  • shiba-inuShiba Inu (SHIB) $ 0.000007
  • hedera-hashgraphHedera (HBAR) $ 0.099466
  • susdssUSDS (SUSDS) $ 1.09
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.153194
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.22
  • paypal-usdPayPal USD (PYUSD) $ 0.998640
  • the-open-networkToncoin (TON) $ 1.45
  • crypto-com-chainCronos (CRO) $ 0.083300
  • rainRain (RAIN) $ 0.009493
  • polkadotPolkadot (DOT) $ 1.68
  • uniswapUniswap (UNI) $ 4.27
  • tether-goldTether Gold (XAUT) $ 4,996.79
  • mantleMantle (MNT) $ 0.775970
  • memecoreMemeCore (M) $ 1.40
  • bitget-tokenBitget Token (BGB) $ 3.43
  • pax-goldPAX Gold (PAXG) $ 5,019.35
  • falcon-financeFalcon USD (USDF) $ 0.992809
  • aaveAave (AAVE) $ 139.75
  • okbOKB (OKB) $ 100.84
  • bittensorBittensor (TAO) $ 214.59
  • pepePepe (PEPE) $ 0.000005
  • nearNEAR Protocol (NEAR) $ 1.33
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.39
  • jito-staked-solJito Staked SOL (JITOSOL) $ 146.98
  • ethereum-classicEthereum Classic (ETC) $ 10.73
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,894.81
  • internet-computerInternet Computer (ICP) $ 3.02
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,722.64
  • hashnote-usycCircle USYC (USYC) $ 1.11
  • pump-funPump.fun (PUMP) $ 0.002781
  • htx-daoHTX DAO (HTX) $ 0.000002
  • global-dollarGlobal Dollar (USDG) $ 0.999664
  • solanaWrapped SOL (SOL) $ 117.16
  • ondo-financeOndo (ONDO) $ 0.313823
  • aster-2Aster (ASTER) $ 0.610149
  • skySky (SKY) $ 0.064767
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • ripple-usdRipple USD (RLUSD) $ 1.00
  • pi-networkPi Network (PI) $ 0.166593
  • kucoin-sharesKuCoin (KCS) $ 10.14
  • bfusdBFUSD (BFUSD) $ 0.998262
  • wbnbWrapped BNB (WBNB) $ 849.55
  • worldcoin-wldWorldcoin (WLD) $ 0.469984
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999734
  • binance-staked-solBinance Staked SOL (BNSOL) $ 128.09
  • ethenaEthena (ENA) $ 0.155173
  • hash-2Provenance Blockchain (HASH) $ 0.022851
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.111406
  • gatechain-tokenGate (GT) $ 9.34
  • rocket-pool-ethRocket Pool ETH (RETH) $ 3,149.93
  • usddUSDD (USDD) $ 0.998689
  • aptosAptos (APT) $ 1.45
  • myx-financeMYX Finance (MYX) $ 5.51
  • cosmosCosmos Hub (ATOM) $ 2.11
  • kaspaKaspa (KAS) $ 0.037677
  • algorandAlgorand (ALGO) $ 0.111978
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 83,031.00
  • ignition-fbtcFunction FBTC (FBTC) $ 82,838.00
  • official-trumpOfficial Trump (TRUMP) $ 4.55
  • arbitrumArbitrum (ARB) $ 0.155405
  • nexoNEXO (NEXO) $ 0.903095
  • filecoinFilecoin (FIL) $ 1.18
  • midnight-3Midnight (NIGHT) $ 0.052269
  • render-tokenRender (RENDER) $ 1.68
  • usdtbUSDtb (USDTB) $ 0.999332
  • flare-networksFlare (FLR) $ 0.010048
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999690
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 10.97
  • vechainVeChain (VET) $ 0.009297
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,959.64
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 2,912.12
  • wrappedm-by-m0WrappedM by M0 (WM) $ 0.999643
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.02
  • bonkBonk (BONK) $ 0.000008
  • riverRiver (RIVER) $ 36.31
  • xdce-crowd-saleXDC Network (XDC) $ 0.036607
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.10
  • ousgOUSG (OUSG) $ 114.13
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 82,926.00
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 29.51
  • jupiter-exchange-solanaJupiter (JUP) $ 0.204671
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 82,810.00
  • morphoMorpho (MORPHO) $ 1.20
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.24
  • clbtcclBTC (CLBTC) $ 82,723.00
  • dashDash (DASH) $ 50.48
  • story-2Story (IP) $ 1.81
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 2,897.06
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999785
  • usdaiUSDai (USDAI) $ 0.999694
  • sei-networkSei (SEI) $ 0.094190
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,914.49
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,724.26
  • beldexBeldex (BDX) $ 0.079357
  • cocaCOCA (COCA) $ 1.23
  • wrapped-flareWrapped Flare (WFLR) $ 0.010028
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 136.46
  • usual-usdUsual USD (USD0) $ 0.999000
  • binance-peg-xrpBinance-Peg XRP (XRP) $ 1.76
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.70
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.09
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.008846
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,723.92
  • tezosTezos (XTZ) $ 0.506627
  • optimismOptimism (OP) $ 0.265690
  • a7a5A7A5 (A7A5) $ 0.013035
  • ghoGHO (GHO) $ 0.999220
  • blockstackStacks (STX) $ 0.285893
  • c8ntinuumc8ntinuum (CTM) $ 0.113918
  • tbtctBTC (TBTC) $ 82,847.00
  • true-usdTrueUSD (TUSD) $ 0.997694
  • chilizChiliz (CHZ) $ 0.047851
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.742726
  • curve-dao-tokenCurve DAO (CRV) $ 0.321742
  • fasttokenFasttoken (FTN) $ 1.09
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.205081
  • gtethGTETH (GTETH) $ 2,723.43
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.997001
  • stable-2​​Stable (STABLE) $ 0.023739
  • lorenzo-wrapped-bitcoinLorenzo Wrapped Bitcoin (ENZOBTC) $ 87,884.00
  • lighterLighter (LIT) $ 1.69
  • doublezeroDoubleZero (2Z) $ 0.120561
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.12
  • euro-coinEURC (EURC) $ 1.19
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 2,929.72
  • resolv-usrResolv USR (USR) $ 0.999644
  • injective-protocolInjective (INJ) $ 4.01
  • usdbUSDB (USDB) $ 1.00
  • msolMarinade Staked SOL (MSOL) $ 158.49
  • layerzeroLayerZero (ZRO) $ 1.98
  • lido-daoLido DAO (LDO) $ 0.472880
  • resolv-wstusrResolv wstUSR (WSTUSR) $ 1.13
  • coinbase-wrapped-staked-ethCoinbase Wrapped Staked ETH (CBETH) $ 3,052.32
  • syrupMaple Finance (SYRUP) $ 0.334324
  • kinesis-goldKinesis Gold (KAU) $ 161.64
  • ether-fiEther.fi (ETHFI) $ 0.547218
  • flokiFLOKI (FLOKI) $ 0.000039
  • aerodrome-financeAerodrome Finance (AERO) $ 0.411830
  • bittorrentBitTorrent (BTT) $ 0.00000038
  • sbtc-2sBTC (SBTC) $ 82,925.00
  • stader-ethxStader ETHx (ETHX) $ 2,939.88
  • justJUST (JST) $ 0.041740
  • axie-infinityAxie Infinity (AXS) $ 2.15
  • celestiaCelestia (TIA) $ 0.412322
  • staked-aaveStaked Aave (STKAAVE) $ 142.21
  • the-graphThe Graph (GRT) $ 0.033000
  • kinesis-silverKinesis Silver (KAG) $ 94.76
  • sun-tokenSun Token (SUN) $ 0.018317
  • gnosisGnosis (GNO) $ 132.11
  • pyth-networkPyth Network (PYTH) $ 0.059432
  • trust-wallet-tokenTrust Wallet (TWT) $ 0.818689
  • bitcoin-svBitcoin SV (BSV) $ 16.95
  • apenftAINFT (NFT) $ 0.00000034
  • kaiaKaia (KAIA) $ 0.057489
  • wrapped-apecoinWrapped ApeCoin (WAPE) $ 0.167428
  • iotaIOTA (IOTA) $ 0.077781
  • conflux-tokenConflux (CFX) $ 0.063006
  • ether-fi-staked-ethether.fi Staked ETH (EETH) $ 2,819.61
  • olympusOlympus (OHM) $ 20.25
  • starknetStarknet (STRK) $ 0.060819
  • bitcoin-avalanche-bridged-btc-bAvalanche Bridged BTC (Avalanche) (BTC.B) $ 82,917.00
  • ethereum-name-serviceEthereum Name Service (ENS) $ 8.12
Bitcoin

New React bug that can drain all your tokens is impacting ‘thousands of’ websites

By admin
0 37

New React bug that can drain all your tokens is impacting 'thousands of' websites

A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites — including crypto platforms — at immediate risk with users possibly seeing all their assets drained, if impacted.

The flaw, tracked as CVE-2025-55182 and nicknamed React2Shell, allows attackers to execute code remotely on affected servers without authentication. React’s maintainers disclosed the issue on Dec. 3 and assigned it the highest possible severity score.

Shortly after disclosure, GTIG observed widespread exploitation by both financially motivated criminals and suspected state-backed hacking groups, targeting unpatched React and Next.js applications across cloud environments.

Crypto Drainers using React CVE-2025-55182

We are observing a big uptick in drainers uploaded to legitimate (crypto) websites through exploitation of the recent React CVE.

All websites should review front-end code for any suspicious assets NOW.

— Security Alliance (@_SEAL_Org) December 13, 2025

What the vulnerability does

React Server Components are used to run parts of a web application directly on a server instead of in a user’s browser. The vulnerability stems from how React decodes incoming requests to these server-side functions.

In simple terms, attackers can send a specially crafted web request that tricks the server into running arbitrary commands, or effectively handing over control of the system to the attacker.

The bug affects React versions 19.0 through 19.2.0, including packages used by popular frameworks such as Next.js. Merely having the vulnerable packages installed is often enough to allow exploitation.

How attackers are using it

The Google Threat Intelligence Group (GTIG) documented multiple active campaigns using the flaw to deploy malware, backdoors and crypto-mining software.

Some attackers began exploiting the flaw within days of disclosure to install Monero mining software. These attacks quietly consume server resources and electricity, generating profits for attackers while degrading system performance for victims.

Crypto platforms rely heavily on modern JavaScript frameworks such as React and Next.js, often handling wallet interactions, transaction signing and permit approvals through front-end code.

If a website is compromised, attackers can inject malicious scripts that intercept wallet interactions or redirect transactions to their own wallets— even if the underlying blockchain protocol remains secure.

That makes front-end vulnerabilities particularly dangerous for users who sign transactions through browser wallets.

Source

admin 17573 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.