A newly discovered loophole in one of the web’s most used development tools is giving hackers a new way to drain cryptocurrency wallets.
Cybersecurity researchers have reported a surge in malicious code uploaded to legitimate websites through a vulnerability in the popular JavaScript library React — a tool used by countless crypto platforms for their front-end systems.
Crypto Drainer Attacks Surge via React Flaw
According to Security Alliance (SEAL), a nonprofit cybersecurity organization, criminals are actively exploiting a recently disclosed React vulnerability labeled CVE-2025-55182.
Crypto Drainers using React CVE-2025-55182
We are observing a big uptick in drainers uploaded to legitimate (crypto) websites through exploitation of the recent React CVE.
All websites should review front-end code for any suspicious assets NOW.
— Security Alliance (@_SEAL_Org) December 13, 2025
“We are observing a big uptick in drainers uploaded to legitimate crypto websites through exploitation of the recent React CVE,” SEAL stated on X (formerly Twitter). “All websites should review front-end code for any suspicious assets NOW.”
The flaw enables unauthenticated remote code execution, allowing attackers to secretly inject wallet-draining scripts into websites. The malicious code tricks users into approving fake transactions via deceptive pop-ups or reward prompts.
SEAL cautioned that some compromised sites may be unexpectedly flagged as phishing risks. The organization advised web administrators to conduct immediate security audits to catch any injected assets or obfuscated JavaScript.
“If your project is getting blocked, that may be the reason. Please review your code first before requesting phishing page warning removal.
The attack is targeting not only Web3 protocols! All websites are at risk. Users should exercise caution when signing ANY permit signature.”
- Scan host for CVE-2025-55182
- Check if your FE code is suddenly loading assets from hosts you do not recognize
- Check if any of the “Scripts” loaded by your FE code are obfuscated JavaScript
- Inspect if the wallet is showing the correct recipient on the signature signing request
— Security Alliance (@_SEAL_Org) December 13, 2025
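As an added example (not SEAL's or React's code), the following Node.js script applies the second and third checklist items above to a saved copy of a page: it flags scripts loaded from hosts outside an assumed allowlist and inline scripts that trip simple obfuscation heuristics. The allowlisted hosts, the thresholds and the sample HTML are constructed assumptions.

```javascript
// Added example (not SEAL's or React's code): audit a saved page's <script> tags
// for unknown hosts and obfuscated inline code. Allowlist and thresholds are assumed.
const ALLOWED_HOSTS = new Set(["app.example.org", "cdn.example.org"]); // assumed allowlist
// Minimal <script> extractor, enough for an offline audit of saved HTML.
function extractScripts(html) {
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    const srcMatch = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    out.push({ src: srcMatch ? srcMatch[1] : null, body: m[2] });
  }
  return out;
}
// Obfuscation heuristics: escape density, dynamic eval, very long lines,
// obfuscator-style _0x identifiers. Two or more hits => suspicious.
function looksObfuscated(code) {
  const hits = [];
  const escapes = (code.match(/\\x[0-9a-f]{2}|\\u[0-9a-f]{4}/gi) || []).length;
  if (escapes / Math.max(code.length, 1) > 0.02) hits.push("escape-density");
  if (/\b(eval|Function|atob|unescape)\s*\(/.test(code)) hits.push("dynamic-eval");
  if (code.split("\n").some((l) => l.length > 500)) hits.push("long-line");
  if (/_0x[0-9a-f]{4,}/i.test(code)) hits.push("hex-identifiers");
  return hits.length >= 2 ? hits : null;
}
// Returns a list of findings; an empty list means nothing tripped the checks.
function auditPage(html, pageOrigin, allowed = ALLOWED_HOSTS) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.src) {
      const host = new URL(s.src, pageOrigin).hostname; // relative src resolves to page host
      if (!allowed.has(host)) findings.push({ kind: "unknown-host", host, src: s.src });
    } else {
      const why = looksObfuscated(s.body);
      if (why) findings.push({ kind: "obfuscated-inline", reasons: why });
    }
  }
  return findings;
}
// Constructed sample page: two legitimate scripts, one unknown host, one injected blob.
const SAMPLE_HTML = `<html><head>
<script src="/static/main.js"></script>
<script src="https://cdn.example.org/vendor.js"></script>
<script src="https://unknown-host.invalid/x.js"></script>
<script>var _0x4f2a=["\\x61\\x62\\x63"];eval(atob("YWxlcnQoMSk="));</script>
</head></html>`;
console.log(auditPage(SAMPLE_HTML, "https://app.example.org/"));
```

Run it against your own saved HTML and an allowlist of the hosts your build actually uses; the heuristics are deliberately loose, so treat hits as items to review rather than verdicts.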
Phishing Flags and Hidden Drainers
The group warned that developers who find their projects mistakenly blocked as phishing pages should inspect their code first before appealing the warning.
The React development team confirmed on December 3 that it had patched the vulnerability after white hat hacker Lachlan Davidson privately reported the issue.
The fix affects the react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack packages. The team urged all developers using these components to update immediately.
This article was written by Jared Kirui at www.financemagnates.com.
