React bug triggers wallet-draining attacks as hackers hit crypto websites

A critical React Server Components RCE bug is being weaponized to hijack servers, drain crypto wallets, plant Monero miners, and deepen a $3B 2025 theft wave despite urgent patch pleas.

Summary

  • Security Alliance and Google TIG say attackers exploit CVE-2025-55182 in React Server Components to run arbitrary code, steal permit signatures, and drain crypto wallets.
  • Vercel, Meta, and framework teams rushed patches and WAF rules, but researchers found two new RSC bugs and warn JavaScript supply-chain risks like the Josh Goldberg npm hack persist.
  • Global Ledger reports over $3B stolen across 119 hacks in H1 2025, with funds laundered in minutes using bridges and privacy coins like Monero, and only 4.2% recovered.

A critical security vulnerability in React Server Components has prompted urgent warnings across the cryptocurrency industry, as threat actors exploit the flaw to drain wallets and deploy malware, according to Security Alliance.

Security Alliance announced that crypto-drainers are actively weaponizing CVE-2025-55182, urging all websites to review their front-end code immediately for suspicious assets. The vulnerability affects not only Web3 protocols but all websites using React, with attackers targeting permit signatures across platforms.

Users face risk when signing transactions, as malicious code intercepts wallet communications and redirects funds to attacker-controlled addresses, according to security researchers.

React’s official team disclosed CVE-2025-55182 on December 3, rating it CVSS 10.0 following Lachlan Davidson’s November 29 report through Meta Bug Bounty. The unauthenticated remote code execution vulnerability exploits how React decodes payloads sent to Server Function endpoints, allowing attackers to craft malicious HTTP requests that execute arbitrary code on servers, according to the disclosure.

New React versions

The flaw impacts React versions 19.0, 19.1.0, 19.1.1, and 19.2.0 across react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack packages. Major frameworks, including Next.js, React Router, Waku, and Expo, require immediate updates, according to the advisory.

Patches arrived in versions 19.0.1, 19.1.2, and 19.2.1, with Next.js users needing upgrades across multiple release lines from 14.2.35 through 16.0.10, according to the release notes.

Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches, according to reports. These are new issues, separate from the critical CVE. The patch for React2Shell remains effective for the Remote Code Execution exploit, researchers stated.

Vercel deployed Web Application Firewall rules to automatically protect projects on its platform, though the company emphasized that WAF protection alone remains insufficient. Immediate upgrades to a patched version are required, Vercel stated in its December 3 security bulletin, adding that the vulnerability affects applications that process untrusted input in ways that permit remote code execution.

Google Threat Intelligence Group documented widespread attacks beginning on December 3, tracking criminal groups ranging from opportunistic hackers to government-backed operations. Chinese hacking groups installed various malware types on compromised systems, primarily targeting cloud servers on Amazon Web Services and Alibaba Cloud, according to the report.

These attackers employed techniques to maintain long-term access to victim systems, according to Google Threat Intelligence Group. Some groups installed software creating remote access tunnels, while others deployed programs that continuously download additional malicious tools disguised as legitimate files. The malware hides in system folders and automatically restarts to avoid detection, researchers reported.

Financially motivated criminals joined the attack wave starting on December 5, installing crypto-mining software that uses victims’ computing power to generate Monero, according to security researchers. These miners run constantly in the background, driving up electricity costs while generating profits for attackers. Underground hacking forums quickly filled with discussions sharing attack tools and exploitation experiences, researchers observed.

The React vulnerability follows a September 8 attack in which hackers compromised Josh Goldberg’s npm account and published malicious updates to 18 widely used packages, including chalk, debug, and strip-ansi. These utilities collectively account for over 2.6 billion weekly downloads, and researchers have discovered crypto-clipper malware that intercepts browser functions to swap legitimate wallet addresses with attacker-controlled ones.

Ledger CTO Charles Guillemet described that incident as a “large-scale supply chain attack,” advising users without hardware wallets to avoid on-chain transactions. The attackers gained access through phishing campaigns impersonating npm support, claiming accounts would be locked unless two-factor authentication credentials were updated by September 10, according to Guillemet.

Hackers are stealing cryptocurrency and moving it faster, with one laundering process reportedly taking only 2 minutes 57 seconds, according to industry data.

Global Ledger data shows hackers stole over $3 billion across 119 incidents in the first half of 2025, with 70% of breaches involving funds being moved before they became public. Only 4.2% of stolen assets were recovered, as laundering now takes seconds rather than hours, according to the report.

Organizations using React or Next.js are advised to patch immediately to versions 19.0.1, 19.1.2, or 19.2.1, deploy WAF rules, audit all dependencies, monitor network traffic for wget or cURL commands initiated by web server processes, and hunt for unauthorized hidden directories or malicious shell configuration injections, according to security advisories.
