Crypto Wallets Targeted In JavaScript Library Exploit—Cybersecurity Firm

bitcoinistPublicado a 2025-12-16Actualizado a 2025-12-16

Resumen

A critical vulnerability (CVE-2025-55182) in React Server Components (versions 19.0 to 19.2.0) is being actively exploited to inject malicious code into websites and steal cryptocurrency from connected wallets. The flaw, which allows unauthenticated attackers to execute arbitrary code on affected servers, has led to wallet-draining campaigns across multiple crypto sites. Cybersecurity firm Security Alliance (SEAL) warns that attackers are using the exploit to inject scripts that hijack or redirect transactions by altering user interfaces or swapping addresses. Over 50 organizations have reported compromise attempts, with scanning tools and exploit kits rapidly spreading in underground forums. Patched versions (19.0.1, 19.1.2, 19.2.1) are available, and all affected sites are urged to update immediately.

A critical flaw in React Server Components is being used by attackers to inject malicious code into live websites, and that code is siphoning crypto from connected wallets.

Reports note that the vulnerability, tracked as CVE-2025-55182, was published by the React team on December 3 and carries a maximum severity rating.

Cybersecurity firm Security Alliance (SEAL) has confirmed that multiple crypto websites are actively being targeted, and they urge operators to review all React Server Components immediately to prevent wallet-draining attacks.

Security teams say the bug allows an unauthenticated attacker to run code on affected servers, which has been turned into wallet-draining campaigns across several sites.

Image: Shutterstock

A Wide Risk To Sites Using Server Components

SEAL said the flaw affects React Server Components packages in versions 19.0 through 19.2.0, and patched releases such as 19.0.1, 19.1.2, and 19.2.1 were issued after disclosure.

The vulnerability works by exploiting unsafe deserialization in the Flight protocol, letting a single crafted HTTP request execute arbitrary code with the web server’s privileges. Security teams have warned that many sites using default configurations are at risk until they apply the updates.

Attackers Inject Wallet-Draining Scripts Into Compromised Pages

According to industry posts, threat actors are using the exploit to plant scripts that prompt users to connect Web3 wallets and then hijack or redirect transactions.

In some cases the injected code alters the user interface or swaps addresses, so a user believes they are sending funds to one account while the transaction actually pays an attacker. This method can hit users who trust familiar crypto sites and connect wallets without checking every approval.

BTCUSD now trading at $89,626. Chart: TradingView

Scanners And Proof-Of-Concepts Flooded Underground Forums

Security researchers report a rush of scanning tools, fake proof-of-concept code, and exploit kits shared in underground forums shortly after the vulnerability was disclosed.

Cloud and threat-intelligence teams have observed multiple groups scanning for vulnerable servers and testing payloads, which has accelerated active exploitation.

Some defenders say that the speed and volume of scanning have made it hard to stop all attempts before patches are applied.

More Than 50 Organizations Reported Compromise Attempts

Based on reports from incident responders, post-exploitation crypto activity has been observed at more than 50 organizations across finance, media, government, and tech.

In several investigations, attackers established footholds and then used those to deliver further malware or to seed front-end code that targets wallet users.

SEAL has emphasized that organizations failing to patch or monitor their servers could experience further attacks, and ongoing monitoring is essential until all systems are verified safe.

Featured image from Unsplash, chart from TradingView

Lecturas Relacionadas

a16z: 5 Ways Blockchain Can Help AI Agent Infrastructure

Blockchain technology provides critical infrastructure for AI agents by addressing five key challenges: 1) Non-human identity: AI agents lack standardized, portable identity systems. Blockchain enables verifiable, cross-platform agent identities (like "Know Your Agent" frameworks) through cryptographic credentials and on-chain registries. 2) AI governance: When AI systems execute decisions, blockchain ensures transparency and prevents centralized control by recording actions on-chain and enabling auditable execution logs. 3) Payments: Stablecoins and crypto payments (e.g., x402, MPP) serve as default settlement layers for agent-to-agent commerce, enabling frictionless, programmable transactions for "headless" AI-native businesses. 4) Trust and verification: As AI scales, blockchain provides cryptographic proof of origin and auditable histories, making verification—not intelligence—the scarce resource. 5) User control: Crypto-native tools (e.g., delegation toolkits, intent-based architectures) allow users to set boundaries and maintain oversight over autonomous agents, minimizing blind trust. Together, blockchain and AI can create an economic infrastructure built on transparency, accountability, and user sovereignty.

marsbitHace 26 min(s)

a16z: 5 Ways Blockchain Can Help AI Agent Infrastructure

marsbitHace 26 min(s)

You Bet on the News, the Pros Read the Rules: The True Cognitive Gap in Losing Money on Polymarket

The article explains that the key to profiting on Polymarket, a prediction market platform, lies not just predicting real-world events correctly, but in meticulously understanding the specific rules that govern how each market will be resolved. It illustrates this with examples, such as a market on Venezuela's 2026 leader, where the official rules defining "officially holds" the office overruled the intuitive answer of who was in practical control. Other examples include debates over the definition of a "token" or what constitutes an "agreement." The core argument is that a "reality vs. rules" gap creates pricing discrepancies that savvy traders ("车头" or "whales") exploit. The platform has a formal dispute resolution process managed by UMA token holders to settle ambiguous outcomes. This process involves proposal submission, a challenge window, a discussion period, and a final vote. However, the article highlights a critical flaw in this system compared to a traditional court: the lack of separation between the arbiters (UMA voters) and the interested parties (traders with financial stakes in the outcome). This conflict of interest undermines the discussion phase, leads to herd mentality, and results in opaque final decisions without explanatory rulings. Consequently, the system lacks a body of precedent, making it difficult for users to learn from past disputes. The ultimate takeaway is that success on Polymarket requires a lawyer-like scrutiny of the rules to identify and capitalize on the cognitive gap between how events appear and how they are contractually defined for settlement.

marsbitHace 42 min(s)

You Bet on the News, the Pros Read the Rules: The True Cognitive Gap in Losing Money on Polymarket

marsbitHace 42 min(s)

Will Solana Flip Ethereum Soon? SOL Takes First Step Toward Total Domination

Solana has significantly closed the gap with Ethereum, particularly in transaction volume, processing 9 billion transactions last month compared to Ethereum's 69 million. It has also surpassed Ethereum in cumulative lifetime transactions. This highlights Solana's high-throughput, low-cost architecture designed for real-time usage. Major partnerships, such as with Visa for stablecoin settlements and Western Union's upcoming stablecoin launch, underscore its growing institutional adoption. Solana has even overtaken Ethereum in real-world asset (RWA) holders. However, a complete "flippening" depends on broader factors like capital inflows, developer activity, and network confidence. While Solana's smaller market cap suggests greater growth potential, Ethereum's Layer-2 scaling strategy strengthens its ecosystem. The outcome remains uncertain, with trade-offs on both sides.

bitcoinistHace 48 min(s)

Will Solana Flip Ethereum Soon? SOL Takes First Step Toward Total Domination

bitcoinistHace 48 min(s)

Spending $200 to Buy Stars, Scamming VCs Out of Tens of Millions: The Entire GitHub Fake Star Industry Exposed

A peer-reviewed study from Carnegie Mellon University (CMU) reveals that GitHub hosts approximately 6 million fake Stars, involving 18,600 repositories and 301,000 accounts, with AI/LLM projects being the largest non-malicious category for fake engagement. The fake Star market has exploded, with prices as low as $0.03 per Star. Research shows that venture capital firms, such as Redpoint Ventures, use GitHub Star counts as a key metric for evaluating startups, with median Stars at 2,850 for seed-stage funding. For less than $200, a project can artificially meet this threshold, distorting investment landscape. Over a dozen websites openly sell GitHub Stars, and fake Star activity saw explosive growth in 2024. AI-related repositories were among the most heavily affected. Despite GitHub’s policies against fake engagement, enforcement remains inconsistent: while 90% of flagged repositories were deleted, only 57% of involved accounts were suspended. The report highlights how purchased Stars can manipulate GitHub’s Trending algorithm and influence VC funding decisions, creating a cycle where artificial metrics attract real investment.

marsbitHace 51 min(s)

Spending $200 to Buy Stars, Scamming VCs Out of Tens of Millions: The Entire GitHub Fake Star Industry Exposed

marsbitHace 51 min(s)

Will the Fed Still Cut Interest Rates? Tonight's Data Is Crucial

The core debate surrounding the Federal Reserve's potential interest rate cuts is intensifying amid geopolitical conflict and rebounding inflation. The key question is whether high energy prices will cause persistent inflation or weaken consumer demand enough to force the Fed to cut rates. Citigroup presents a bullish case for cuts, arguing that oil supply disruptions from the Strait of Hormuz are temporary and will not lead to lasting inflationary pressure. They point to receding bond yields and oil prices as evidence the market is pricing in a short-lived shock. Citi's data also shows tightening financial conditions, a stabilizing labor market, and healthy tax returns, supporting their view that the path to lower rates remains open. Conversely, Deutsche Bank offers a starkly contrasting, more hawkish outlook. They argue the Fed's current policy is already neutral and expect rates to remain unchanged indefinitely. Their view is based on stalled disinflation progress and a shift toward more hawkish rhetoric from key Fed officials like Waller, who cited risks from prolonged Middle East conflict and tariffs. Other officials, including Williams and Hammack, signaled rates would likely stay on hold for a "considerable time." The market pricing has shifted dramatically, now forecasting zero cuts in 2026. The imminent release of the March retail sales "control group" data is highlighted as a critical test. This metric, which excludes gas station sales, will reveal if high gasoline prices are eroding consumer spending in other areas. A weak reading could support the case for imminent rate cuts, while a strong one would bolster the argument for the Fed to hold steady. This data is pivotal for determining the near-term policy path.

marsbitHace 1 hora(s)

Will the Fed Still Cut Interest Rates? Tonight's Data Is Crucial

marsbitHace 1 hora(s)

Trading

Spot
Futuros
活动图片