Hackers are exploiting a JavaScript library to plant crypto drainers

cointelegraphPublicado a 2025-12-15Actualizado a 2025-12-15

Resumen

A recent surge in crypto drainer attacks is exploiting a critical vulnerability (CVE-2025-55182) in the React JavaScript library, as reported by cybersecurity nonprofit Security Alliance (SEAL). The vulnerability, which allows unauthenticated remote code execution, was disclosed on December 3 after being discovered by a white hat hacker. Attackers are using this flaw to inject wallet-draining code into legitimate crypto websites, often tricking users into signing malicious transactions through fake pop-ups or reward offers. SEAL warns that affected websites may be flagged as phishing risks and urges all site owners to immediately scan their front-end code for suspicious or obfuscated scripts, unrecognized assets, and incorrect recipient addresses in signature requests. The React team has released a patch for the vulnerability and recommends that users of react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack upgrade immediately. Apps not using React Server Components or a server are not affected.

There has been a recent uptick in crypto drainers being uploaded to websites through a vulnerability in the open-source front-end JavaScript library React, according to cybersecurity nonprofit Security Alliance (SEAL).

React is used for building user interfaces, especially in web applications. The React team disclosed on Dec. 3 that a white hat hacker, Lachlan Davidson, found a security vulnerability in its software that allowed unauthenticated remote code execution, which can allow an attacker to insert and run their own code.

According to SEAL, bad actors have been using the vulnerability, CVE-2025-55182, to secretly add wallet-draining code to crypto websites.

“We are observing a big uptick in drainers uploaded to legitimate crypto websites through exploitation of the recent React CVE. All websites should review front-end code for any suspicious assets NOW,” the SEAL Team said.

“The attack is targeting not only Web3 protocols! All websites are at risk. Users should exercise caution when signing ANY permit signature.”

Wallet drainers typically dupe users into signing a transaction through methods such as a sham pop-up offering rewards or similar tactics.

Websites with phishing warning should check code

Affected websites may have been suddenly flagged as a possible phishing risk without explanation, according to the SEAL Team. They recommend website hosts take precautions to ensure there are no hidden drainers that could put users at risk.

“Scan host for CVE-2025-55182. Check if your front-end code is suddenly loading assets from hosts you do not recognize. Check if any of the scripts loaded by your front end code are obfuscated JavaScript. Inspect if the wallet is showing the correct recipient on the signature signing request,” they said.

Related: North Korean ‘fake Zoom’ crypto hacks now a daily threat: SEAL

“If your project is getting blocked, that may be the reason. Please review your code first before requesting phishing page warning removal,” the SEAL Team added.

React has released a fix for the vulnerability

The React team published a fix for CVE-2025-55182 on Dec. 3 and advises anyone using the react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack, to upgrade immediately and close the vulnerability.

“If your app’s React code does not use a server, your app is not affected by this vulnerability. If your app does not use a framework, bundler, or bundler plugin that supports React Server Components, your app is not affected by this vulnerability,” the team added.

Magazine: Meet the onchain crypto detectives fighting crime better than the cops

Lecturas Relacionadas

Putting Markets On-Chain: Canton Network Quietly Becoming the New Backbone for Institutional Finance

Canton Network: A New Institutional Financial Infrastructure Emerges Visa's rapid three-day approval as a super-validator on Canton Network in March 2026 marks a significant institutional endorsement. Unlike public blockchains like Ethereum, which prioritize transparency, Canton is designed for regulated financial institutions. Its core innovation is built-in data visibility control, where transaction details are only visible to direct participants. This enables institutions like Goldman Sachs, JPMorgan, and DTCC to conduct private, secure business on-chain without exposing sensitive strategies or positions. Canton, developed by Wall Street-focused Digital Asset, emphasizes slow, methodical development to meet stringent institutional requirements. Current on-chain activity, exceeding $9 trillion monthly, involves real balance-sheet operations like tokenized repos, treasury settlements, and collateral movement—not retail speculation. Key applications include JPMorgan's deposit token (JPM Coin), DTCC's U.S. Treasury tokenization, and Visa-enabled atomic settlement, aiming to synchronize asset delivery and payment instantly. The network's CC token is a utility asset, with value tied to real financial activity volume. It features no pre-mine or VC allocations, aligning with institutional preferences for transparency. Canton's 3–5 year vision is to become an "invisible" foundational layer for global finance—facilitating real-time cross-border capital flows, institutional stablecoin settlement, and native on-chain operations for major asset classes. While regulatory harmonization and legacy system integration remain challenges, Canton represents a pragmatic shift towards embedding markets themselves into blockchain infrastructure.

Odaily星球日报Hace 12 min(s)

Putting Markets On-Chain: Canton Network Quietly Becoming the New Backbone for Institutional Finance

Odaily星球日报Hace 12 min(s)

SpaceX Reveals $1.45B Bitcoin Stash In S-1 Filing, Surpassing Market Estimates

SpaceX's S-1 filing revealed it holds 18,712 Bitcoin, valued at roughly $1.45 billion as of March 31. This amount, more than double prior market estimates, places the company seventh among public companies by Bitcoin holdings and ahead of Tesla's stash. The coins were purchased at an average price of $35,320 each. As SpaceX prepares for a historic IPO aiming to raise around $75 billion, its stock will offer investors indirect exposure to one of the largest corporate Bitcoin positions. The disclosure indicates a deliberate, long-term crypto strategy that was largely hidden until the filing.

bitcoinistHace 1 hora(s)

SpaceX Reveals $1.45B Bitcoin Stash In S-1 Filing, Surpassing Market Estimates

bitcoinistHace 1 hora(s)

Hoskinson Warns Cardano Could Lose Its ‘Science Coin’ Edge

Charles Hoskinson warns that Cardano risks losing its identity as the "science coin" if DReps fail to approve a key research funding proposal. He explains the ecosystem is in "treasury season" with a tougher funding environment, requesting $52 million this year versus $98 million last year, leading to cuts and layoffs. Hoskinson argues Cardano's research program is its "spine and backbone," responsible for its differentiation through work on proof-of-stake, extended UTXO, Plutus, and academic collaborations. He rejects calls to selectively fund parts of the research group, warning that treating researchers as commodities could lead to an irreplaceable talent drain to better-funded rivals. Hoskinson ties research funding to Cardano's long-term investment case, stating that without it, the project would lose a core value proposition. He ends with a direct appeal to DReps to vote for the proposal, calling it a necessary foundation for Cardano's future.

bitcoinistHace 1 hora(s)

Hoskinson Warns Cardano Could Lose Its ‘Science Coin’ Edge

bitcoinistHace 1 hora(s)

Evernorth Says RLUSD Is Not An XRP Killer: Here’s Why

Evernorth's Chief Business Officer Sagar Shah argues that Ripple's new stablecoin RLUSD is not a replacement for XRP, as they serve fundamentally different purposes in on-chain finance. RLUSD is designed as a high-quality digital dollar, functioning as a specific asset leg in transactions. In contrast, XRP acts as a neutral "routing" or "bridge" asset on the XRP Ledger, facilitating trades between diverse tokenized assets (like treasury bills and euro stablecoins) without requiring direct matching counterparties. Shah outlines three key reasons why RLUSD cannot replace XRP's role: 1) **Issuer Risk**: RLUSD, like all stablecoins, carries the risk of its issuing entity facing regulatory or operational problems, making it unsuitable as a mandatory routing asset for all trades. 2) **Neutrality**: Stablecoins must comply with sanctions and restrictions, whereas XRP's censorship-resistant design allows it to serve as a global, permissionless router. 3) **Market Structure**: Efficient liquidity requires a common bridge asset to connect hundreds of tokenized assets, a role for which XRP's liquidity, protocol integration, and lack of issuer make it uniquely suited. The conclusion is that the growth of on-chain finance requires both a reliable digital dollar (RLUSD) and a neutral routing asset (XRP), with both functions being complementary rather than competitive.

bitcoinistHace 2 hora(s)

Evernorth Says RLUSD Is Not An XRP Killer: Here’s Why

bitcoinistHace 2 hora(s)

USDC Begins Nested Issuance, Coinbase Launches Custom Stablecoin Branding Service

Coinbase has launched its "Custom Stablecoins" platform, enabling businesses to offer branded stablecoins. The first client is Flipcash, a social payments app, which has introduced USDF. USDF is a Solana-based stablecoin, pegged 1:1 to USDC, and is designed to serve as a stable pricing and settlement unit for Flipcash's user-created community currencies. This move shifts the focus of stablecoins from being standalone assets or investment products to becoming embedded payment and settlement components within broader applications. For businesses like Flipcash, the core need is not to become a stablecoin issuer, but to integrate stable, reliable digital cash functionality—handling pricing, payments, and settlements—without managing the complex underlying infrastructure of issuance, reserves, on-chain contracts, fiat on-ramps, and compliance. Coinbase's platform provides this infrastructure as a service, positioning the exchange as a stablecoin infrastructure provider. While USDC remains the foundational reserve asset, the branded token (e.g., USDF) offers applications a tailored, user-facing financial tool. This development highlights a potential path for stablecoins to become ubiquitous backend utilities in social, gaming, and e-commerce applications, though it also brings significant regulatory and operational complexities associated with handling real user funds.

链捕手Hace 2 hora(s)

USDC Begins Nested Issuance, Coinbase Launches Custom Stablecoin Branding Service

链捕手Hace 2 hora(s)

Trading

Spot

Futuros

Artículos destacados

Cómo comprar HPP

¡Bienvenido a HTX.com! Hemos hecho que comprar House Party Protocol (HPP) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar House Party Protocol (HPP) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu House Party Protocol (HPP)Después de comprar tu House Party Protocol (HPP), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear House Party Protocol (HPP)Tradear fácilmente con House Party Protocol (HPP) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

142 Vistas totalesPublicado en 2026.04.29Actualizado en 2026.04.29

Qué es GENIUS

I. Introducción al Proyecto1. ¿Qué es Genius?Genius (GENIUS) se posiciona como el “terminal en cadena definitivo”, una plataforma de trading descentralizada enfocada en la privacidad y la velocidad. Al integrar tecnología de privacidad de primer nivel, busca construir una infraestructura de trading privado de próxima generación en redes como BNB Chain, permitiendo a los usuarios interactuar en cadena con una experiencia fluida comparable a los intercambios centralizados.2. ¿Cómo Funciona Genius?La arquitectura técnica central de Genius está estructurada de la siguiente manera:(1) Invisible en la cadena: Los usuarios no necesitan manejar manualmente aprobaciones de múltiples pasos para operaciones entre cadenas, envoltura de activos o gestión compleja de gas.(2) Trading sin firma: A través de integraciones como Turnkey, Genius permite el trading instantáneo sin confirmaciones emergentes o autorización por transacción.(3) Agregador de Agregadores: Genius está impulsado por una pila de agregación de clase mundial integrada con más de 150 DEXs, reclamando una eficiencia de cotización superior en comparación con productos competidores.(4) Gestión de Cuentas: La plataforma adopta una arquitectura no custodial y aprovecha Turnkey y Lit Protocol para la gestión de claves, permitiendo a los usuarios acceder de manera segura a sus cuentas a través de claves de acceso.3. ¿Quién Creó Genius?Según sus Términos de Servicio oficiales, Genius fue desarrollado por Shuttle Labs, Inc. Basado en la cuenta oficial de X del proyecto, Ryan Myher es uno de los contribuyentes clave que impulsa la iteración del producto, incluyendo desarrollos como el lanzamiento del protocolo Ghost, así como un mayor compromiso con la comunidad.El fundador de Binance, CZ, se ha unido oficialmente al proyecto como asesor, con el objetivo de ayudar al equipo a construir una experiencia de trading en cadena más rápida y que preserve la privacidad.Además, el proyecto ha recibido un fuerte respaldo de YZi Labs, que ha invertido en Genius y trabaja junto a la Fundación Genius, responsable de mantener el Protocolo Genius Bridge (GBP).4. Tokenómica de GeniusGENIUS es el token nativo del ecosistema Genius. Hasta ahora, el proyecto no ha publicado un documento completo de tokenómica.Según las últimas divulgaciones oficiales, Genius incorpora un mecanismo deflacionario, y el 4.6% del suministro total de tokens ya había sido quemado durante la fase de lanzamiento inicial.Sistema de Puntos Genius (GP):(1) Comercio para Ganar: La plataforma ha establecido un fondo de recompensas de 200 millones de Puntos Genius, y los usuarios ganan GP por cada comercio ejecutado a través del terminal.(2) Clasificación y Insignias: Genius cuenta con un sistema de insignias basado en progresión que va desde Inteligente hasta Dios, con niveles más altos desbloqueando beneficios y ventajas adicionales.(3) Rendimiento Nativo: Los usuarios que posean activos designados como usdGG en el panel pueden ganar rendimiento nativo directamente sin pasar por un staking complejo.(4) Incentivos por Referidos: Los referidores pueden ganar reembolsos de tarifas de más del 45% pagados en USDC, junto con GP adicionales.5. Cronograma & Hitos ClaveMarzo 2020: Se creó la cuenta oficial de X del proyecto, marcando el inicio de su fase de preparación temprana.13 de enero de 2026: Genius anunció una inversión de varios millones de dólares de YZi Labs y simultáneamente confirmó a CZ como asesor para acelerar la construcción de su infraestructura de trading privado.18 de abril de 2026: El proyecto anunció que el protocolo de privacidad Ghost se lanzaría pronto.29 de abril de 2026: El protocolo Ghost se abrió oficialmente a sus primeros 50 testers, marcando el comienzo de una nueva era para el trading privado en BNB Chain. Al mismo tiempo, el equipo confirmó que el 4.6% de los tokens han sido quemados.II. Información del Token1) Información BásicaNombre del token: GENIUS (Genius)III. Enlaces RelacionadosSitio web：https://www.tradegenius.com/homeExploradores：https://bscscan.com/address/0x1f12b85aac097e43aa1555b2881e98a51090e9a6Redes Sociales：https://x.com/GeniusTerminalNota: La introducción del proyecto proviene de los materiales publicados o proporcionados por el equipo oficial del proyecto, que es solo para referencia y no constituye asesoramiento de inversión. HTX no se hace responsable de ninguna pérdida directa o indirecta resultante.

251 Vistas totalesPublicado en 2026.04.29Actualizado en 2026.05.12

Cómo comprar GENIUS

¡Bienvenido a HTX.com! Hemos hecho que comprar Genius (GENIUS) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar Genius (GENIUS) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu Genius (GENIUS)Después de comprar tu Genius (GENIUS), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear Genius (GENIUS)Tradear fácilmente con Genius (GENIUS) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

182 Vistas totalesPublicado en 2026.04.29Actualizado en 2026.05.12

Discusiones

Bienvenido a la comunidad de HTX. Aquí puedes mantenerte informado sobre los últimos desarrollos de la plataforma y acceder a análisis profesionales del mercado. A continuación se presentan las opiniones de los usuarios sobre el precio de A (A).