Crypto Wallets Targeted In JavaScript Library Exploit—Cybersecurity Firm

bitcoinistPublicado a 2025-12-16Actualizado a 2025-12-16

Resumen

A critical vulnerability (CVE-2025-55182) in React Server Components (versions 19.0 to 19.2.0) is being actively exploited to inject malicious code into websites and steal cryptocurrency from connected wallets. The flaw, which allows unauthenticated attackers to execute arbitrary code on affected servers, has led to wallet-draining campaigns across multiple crypto sites. Cybersecurity firm Security Alliance (SEAL) warns that attackers are using the exploit to inject scripts that hijack or redirect transactions by altering user interfaces or swapping addresses. Over 50 organizations have reported compromise attempts, with scanning tools and exploit kits rapidly spreading in underground forums. Patched versions (19.0.1, 19.1.2, 19.2.1) are available, and all affected sites are urged to update immediately.

A critical flaw in React Server Components is being used by attackers to inject malicious code into live websites, and that code is siphoning crypto from connected wallets.

Reports note that the vulnerability, tracked as CVE-2025-55182, was published by the React team on December 3 and carries a maximum severity rating.

Cybersecurity firm Security Alliance (SEAL) has confirmed that multiple crypto websites are actively being targeted, and they urge operators to review all React Server Components immediately to prevent wallet-draining attacks.

Security teams say the bug allows an unauthenticated attacker to run code on affected servers, which has been turned into wallet-draining campaigns across several sites.

Image: Shutterstock

A Wide Risk To Sites Using Server Components

SEAL said the flaw affects React Server Components packages in versions 19.0 through 19.2.0, and patched releases such as 19.0.1, 19.1.2, and 19.2.1 were issued after disclosure.

The vulnerability works by exploiting unsafe deserialization in the Flight protocol, letting a single crafted HTTP request execute arbitrary code with the web server’s privileges. Security teams have warned that many sites using default configurations are at risk until they apply the updates.

Attackers Inject Wallet-Draining Scripts Into Compromised Pages

According to industry posts, threat actors are using the exploit to plant scripts that prompt users to connect Web3 wallets and then hijack or redirect transactions.

In some cases the injected code alters the user interface or swaps addresses, so a user believes they are sending funds to one account while the transaction actually pays an attacker. This method can hit users who trust familiar crypto sites and connect wallets without checking every approval.

BTCUSD now trading at $89,626. Chart: TradingView

Scanners And Proof-Of-Concepts Flooded Underground Forums

Security researchers report a rush of scanning tools, fake proof-of-concept code, and exploit kits shared in underground forums shortly after the vulnerability was disclosed.

Cloud and threat-intelligence teams have observed multiple groups scanning for vulnerable servers and testing payloads, which has accelerated active exploitation.

Some defenders say that the speed and volume of scanning have made it hard to stop all attempts before patches are applied.

More Than 50 Organizations Reported Compromise Attempts

Based on reports from incident responders, post-exploitation crypto activity has been observed at more than 50 organizations across finance, media, government, and tech.

In several investigations, attackers established footholds and then used those to deliver further malware or to seed front-end code that targets wallet users.

SEAL has emphasized that organizations failing to patch or monitor their servers could experience further attacks, and ongoing monitoring is essential until all systems are verified safe.

Featured image from Unsplash, chart from TradingView

Lecturas Relacionadas

Iran’s Crypto Lifeline Hit As US Freezes $344 Million In Funds

The US Treasury has frozen $344 million in cryptocurrency tied to Iranian military and political groups, specifically targeting two Tron blockchain wallets connected to the Islamic Revolutionary Guard Corps and Hizballah. This action follows reports that Iran was collecting Bitcoin payments from ships for safe passage through the Strait of Hormuz. The freeze occurred just one day after stablecoin issuer Tether locked the same amount of funds at the request of US law enforcement. The move is part of broader US efforts to disrupt Iran's ability to generate and move funds, highlighting the limitations of using cryptocurrency as a sanctions workaround when centralized issuers comply with enforcement actions.

bitcoinistHace 3 min(s)

Iran’s Crypto Lifeline Hit As US Freezes $344 Million In Funds

bitcoinistHace 3 min(s)

Amidst the Volatility in the Crypto Market, Who is Buying Against the Trend?

"In a volatile crypto market downturn of Q1 2026, institutional players demonstrated divergent strategies. While Bitcoin fell over 25% and Ethereum dropped 35%, key institutions accumulated: corporate treasuries like Strategy (MicroStrategy) added over $10 billion in BTC, sovereign wealth funds like Mubadala increased IBIT holdings by 46%, and major banks launched crypto services and ETFs. Notably, 26 new crypto ETFs were filed or launched under streamlined SEC rules, including bank-led products from Morgan Stanley and BlackRock’s staking ETH ETF. VC funding saw concentration: total investment reached ~$5 billion, but deal count plummeted 49%. Three mega-deals—BVNK ($1.8B), Kalshi ($1B), and Polymarket ($600M)—accounted for half the quarter’s funding. Investment shifted from DeFi/NFTs to payments, prediction markets, and regulated CeFi infrastructure. Selling pressure came from hedge funds (e.g., Brevan Howard cut IBIT by 85%) and Bitcoin miners liquidating holdings. The U.S. strategic Bitcoin reserve saw zero additions, highlighting that real buying came from corporations and sovereign funds, not governments. The institutional crypto landscape is bifurcating: long-term holders accumulate while short-term traders exit, signaling a foundation for the next cycle."

marsbitHace 26 min(s)

Amidst the Volatility in the Crypto Market, Who is Buying Against the Trend?

marsbitHace 26 min(s)

Hands-on with Hunyuan Hy3 Preview: Tencent's AI, Finally Competitive?

Tencent's Hunyuan AI team has released its latest language model, Hy3 preview, marking a significant step forward for the company's AI capabilities. With 295B total parameters and support for 256K context length, the model employs a mixture-of-experts architecture. It shows improvements in complex logic, instruction following, contextual learning, code generation, and agent task execution. In testing, Hy3 preview demonstrated strong performance in multi-step logical reasoning but showed occasional instability in identifying traps in trick questions. It performed well in extracting key information from disordered meeting transcripts and accurately followed new linguistic rules. As an AI agent, it successfully built functional applications like a Snake game and generated data analysis dashboards, though it sometimes fell short in fully completing complex open-ended tasks. In natural language use, it produced coherent and stylistically appropriate narratives with reduced “AI-like” tone. Priced competitively, Hy3 preview is already integrated into Tencent’s key products, including Tencent Cloud and WorkBuddy. While not leading in every benchmark, it represents a solid, practical model that signals Tencent’s renewed momentum in AI development.

marsbitHace 2 hora(s)

Hands-on with Hunyuan Hy3 Preview: Tencent's AI, Finally Competitive?

marsbitHace 2 hora(s)

From Theft to Re-entry: How Was $292 Million "Laundered"?

A sophisticated crypto laundering operation was executed following the $292 million hack of Kelp DAO on April 18. The attack, attributed to the North Korean Lazarus group, began with anonymous infrastructure preparation using Tornado Cash to fund wallets untraceably. The hacker exploited a vulnerability in Kelp’s cross-chain bridge, stealing 116,500 rsETH. To avoid crashing the market, the attacker used Aave and Compound as laundering tools—depositing the stolen rsETH as collateral to borrow $190 million in clean, liquid ETH. This move triggered a bank run on Aave, causing an $8 billion drop in TVL. After consolidating funds, the attacker fragmented them across hundreds of wallets to evade detection. A major breakpoint was THORChain, where over $460 million in volume—30 times its usual activity—was processed in 24 hours, converting ETH into Bitcoin. This shift to Bitcoin’s UTXO model exponentially increased tracing complexity by shattering funds into countless untraceable fragments. The final destination was Tron-based USDT, the primary channel for illicit crypto flows. From there, funds were cashed out via OTC brokers in China and Southeast Asia, using unlicensed underground banks and UnionPay networks outside Western sanctions scope. Ultimately, the laundered money supports North Korea’s weapons programs, which rely heavily on crypto hacking for foreign currency. The incident underscores structural challenges in DeFi: its openness, composability, and lack of central control make such laundering not just possible, but inherently difficult to prevent.

marsbitHace 2 hora(s)

From Theft to Re-entry: How Was $292 Million "Laundered"?

marsbitHace 2 hora(s)

Behind DeepSeek V4's Stunning Debut: Silicon Valley Is 'Building Walls,' China Is 'Paving Roads'

China's AI landscape is witnessing a strategic divergence from Silicon Valley’s closed-source competition to a collaborative open-source ecosystem. On April 24, DeepSeek released V4, a top-ranked open-source model on Hugging Face, featuring breakthroughs like million-token context length with minimal KV cache and native support for domestic chips like Huawei’s Ascend. Similarly, Kimi’s K2.6, released days earlier, also adopted open-source principles. Unlike U.S. giants such as OpenAI and Anthropic—locked in revenue disputes and tactical product clashes—Chinese firms embrace shared innovation. DeepSeek and Kimi openly build on each other’s advances, like the MLA architecture and Muon optimizer, avoiding redundant R&D and driving down costs. DeepSeek V4 focused on pushing base model capabilities, while Kimi specialized in Agent-based applications. Although U.S. firms lead in revenue and valuation, China’s open-source models achieve comparable performance at a fraction of the cost (e.g., DeepSeek V3 trained for $5.58M vs. GPT-5’s $500M+). With token usage growing exponentially, China’s collaborative model promises scalable, affordable AI built on domestic hardware, shaping a more accessible path to AGI.

marsbitHace 3 hora(s)

Behind DeepSeek V4's Stunning Debut: Silicon Valley Is 'Building Walls,' China Is 'Paving Roads'

marsbitHace 3 hora(s)

Trading

Spot
Futuros
活动图片