Hackers are exploiting a JavaScript library to plant crypto drainers

cointelegraphPublicado em 2025-12-15Última atualização em 2025-12-15

Resumo

A recent surge in crypto drainer attacks is exploiting a critical vulnerability (CVE-2025-55182) in the React JavaScript library, as reported by cybersecurity nonprofit Security Alliance (SEAL). The vulnerability, which allows unauthenticated remote code execution, was disclosed on December 3 after being discovered by a white hat hacker. Attackers are using this flaw to inject wallet-draining code into legitimate crypto websites, often tricking users into signing malicious transactions through fake pop-ups or reward offers. SEAL warns that affected websites may be flagged as phishing risks and urges all site owners to immediately scan their front-end code for suspicious or obfuscated scripts, unrecognized assets, and incorrect recipient addresses in signature requests. The React team has released a patch for the vulnerability and recommends that users of react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack upgrade immediately. Apps not using React Server Components or a server are not affected.

There has been a recent uptick in crypto drainers being uploaded to websites through a vulnerability in the open-source front-end JavaScript library React, according to cybersecurity nonprofit Security Alliance (SEAL).

React is used for building user interfaces, especially in web applications. The React team disclosed on Dec. 3 that a white hat hacker, Lachlan Davidson, found a security vulnerability in its software that allowed unauthenticated remote code execution, which can allow an attacker to insert and run their own code.

According to SEAL, bad actors have been using the vulnerability, CVE-2025-55182, to secretly add wallet-draining code to crypto websites.

“We are observing a big uptick in drainers uploaded to legitimate crypto websites through exploitation of the recent React CVE. All websites should review front-end code for any suspicious assets NOW,” the SEAL Team said.

“The attack is targeting not only Web3 protocols! All websites are at risk. Users should exercise caution when signing ANY permit signature.”

Wallet drainers typically dupe users into signing a transaction through methods such as a sham pop-up offering rewards or similar tactics.

Source: Security Alliance

Websites with phishing warning should check code

Affected websites may have been suddenly flagged as a possible phishing risk without explanation, according to the SEAL Team. They recommend website hosts take precautions to ensure there are no hidden drainers that could put users at risk.

“Scan host for CVE-2025-55182. Check if your front-end code is suddenly loading assets from hosts you do not recognize. Check if any of the scripts loaded by your front end code are obfuscated JavaScript. Inspect if the wallet is showing the correct recipient on the signature signing request,” they said.

Related: North Korean ‘fake Zoom’ crypto hacks now a daily threat: SEAL

“If your project is getting blocked, that may be the reason. Please review your code first before requesting phishing page warning removal,” the SEAL Team added.

React has released a fix for the vulnerability

The React team published a fix for CVE-2025-55182 on Dec. 3 and advises anyone using the react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack, to upgrade immediately and close the vulnerability.

“If your app’s React code does not use a server, your app is not affected by this vulnerability. If your app does not use a framework, bundler, or bundler plugin that supports React Server Components, your app is not affected by this vulnerability,” the team added.

Magazine: Meet the onchain crypto detectives fighting crime better than the cops

Leituras Relacionadas

Has Microsoft Lost Its Way in the AI Race, and Can Copilot Bring It Back on Track?

Microsoft, once seen as an early AI frontrunner due to its investment in OpenAI, is navigating a strategic shift amid increased competition. Its initial reliance on OpenAI’s GPT models has been complicated by OpenAI’s growing ambitions as a direct competitor, rapid advancements from rivals like Claude and Gemini, and the disruptive rise of AI agents, which challenge its traditional SaaS business model. These factors contributed to stock declines and slower-than-expected adoption of its flagship Copilot products. In response, CEO Satya Nadella has taken a hands-on role in product development, signaling the urgency of change. Microsoft is pivoting from a model-centric strategy to a "model-agnostic" enterprise platform approach. It aims to become the foundational layer connecting various AI models—from OpenAI, Anthropic, or its own new "Superintelligence" team—with enterprise workflows, data, security, and cloud services. Recent organizational changes merged consumer and enterprise Copilot teams to accelerate innovation, exemplified by new products like Copilot Tasks and Copilot Cowork. However, this transformation comes at a high cost. Microsoft faces massive capital expenditures, potentially reaching ~$190 billion by 2026, to support AI infrastructure. While its platform strategy shows early signs of traction with growing Azure AI revenue, it must balance startup-like agility with the reliability expected by enterprise clients. The core challenge is no longer being the sole AI winner but defending its position as the essential enterprise software entry point amidst rapid technological commoditization and the shift towards always-on AI agents.

marsbitHá 23m

Has Microsoft Lost Its Way in the AI Race, and Can Copilot Bring It Back on Track?

marsbitHá 23m

Why Haven't Forex Stablecoins Taken Off?

Why FX Stablecoins Never Took Off: A Path Forward via Synthetic FX Despite the explosive growth of stablecoin-powered digital banking, which has seen ~$6B in VC investment and a 24x surge in crypto card spending in under a year, a major limitation persists: these banks are essentially dollar-only accounts. This leaves 95-99% of global accounts, which are denominated in non-USD currencies, underserved. Attempts to create native foreign currency (FX) stablecoins (like EURC) have largely failed, with total FX stablecoin TVL at ~$600M compared to $400B for USD stablecoins—a 700x gap. These FX tokens face critical challenges: fragile pegs due to low liquidity, limited exchange/FinTech acceptance, poor on/off-ramps, complex regional compliance, and a chicken-and-egg adoption problem. The article argues that the solution lies not in competing with entrenched USD stablecoin networks (USDT/USDC), but in adopting a synthetic FX model inspired by traditional finance. Specifically, it advocates for Mark-to-Market Non-Deliverable Forwards (NDFs)—cash-settled FX derivatives that allow users to maintain underlying USD stablecoin holdings while having their account balance and P&L denominated in a foreign currency. This approach offers key advantages: strong oracle-based pegs, retention of deep USD stablecoin liquidity and yield, superior on/off-ramps, scalability to any currency with a reliable feed, and capital efficiency. It mirrors how modern institutional FX markets operate. Primary use cases for on-chain NDFs include: 1. **Digital Banks/Wallets:** Enabling multi-currency accounts for international users without leaving the USD stablecoin ecosystem, boosting deposits and retention. 2. **FX Carry Trade Vaults:** Offering access to sovereign interest rate differentials (e.g., earning yield on BRL) in a more stable and scalable format than crypto-native products like Ethena. 3. **Global Enterprise Payments:** Allowing merchants to receive payments in local currency equivalents while settling in USD stablecoins, similar to services offered by Stripe for fiat. The conclusion is that synthetic FX, not native FX stablecoins, is the viable path to integrating foreign exchange into the growing stablecoin digital banking landscape, potentially unlocking the next phase of institutional DeFi and multi-trillion-dollar global adoption.

链捕手Há 58m

Why Haven't Forex Stablecoins Taken Off?

链捕手Há 58m

Hope For Altcoin Season: The Bitcoin Move That Could Kickstart Everything

"Hope For Altcoin Season: The Bitcoin Move That Could Kickstart Everything" analyzes the potential for a new altcoin season. Despite prolonged underperformance against Bitcoin and a low Altcoin Season Index, analysis from Cryptollica suggests altcoin dominance is currently at a long-term floor within a rising channel dating to 2017—a level from which past major altcoin rotations in 2017 and 2021 began. However, a confirmed breakout requires specific signals currently absent: ETH/BTC needs to bottom, and stablecoin liquidity must grow as Bitcoin dominance declines. While not yet showing strength, the current setup is described as a "waiting room" rather than a dead market. If altcoin dominance breaks out to the channel's upper trendline, the total market cap of altcoins outside the top 10 could surge significantly relative to Bitcoin's.

bitcoinistHá 59m

Hope For Altcoin Season: The Bitcoin Move That Could Kickstart Everything

bitcoinistHá 59m

IOSG Founder: Web3 Is 'Losing Blood,' How Can Practitioners Survive Better?

IOSG Founder: Web3 Is "Bleeding Out" – How Can Practitioners Survive Better? In a candid reflection, the founder of IOSG Ventures voices deep concerns about the current state of Web3, describing an ecosystem experiencing severe "blood loss." Despite the recent MuShanghai event showcasing a successful pivot towards a more diverse, global community, a somber reality persists: many crypto-native attendees were there exploring exits or new labels in biotech, AI, and robotics. The core issue is identified as a breakdown in the ecosystem's positive feedback loop. Alarmingly, underestimated "low-probability bad events" are occurring simultaneously: a significant brain drain of Chinese developers to AI, a lack of breakout applications despite massive funding, and a widening credibility gap for practitioners globally, often stigmatized as scam artists. This has created a dire接班人 (successor) problem, with the next generation seeing little professional prestige or financial upside in crypto compared to fields like AI. A significant portion of the critique focuses on Ethereum and Vitalik Buterin. While not pessimistic about Ethereum's technology, the founder worries that critical development windows were missed by focusing on niche technical narratives like ZK and L2 instead of mass-market applications. A more urgent concern is that Vitalik may be isolated in an "information bubble," shielded from the grassroots community's hardships by layers of intermediaries, preventing crucial feedback from reaching him. The call is for Vitalik to return to a founder's mindset, re-engage directly with the community, and rally efforts for the next decade. The divergence between U.S. and Chinese OG (Original Gangster) ecosystems is stark. While many U.S. builders reinvest their wealth into the ecosystem, the Chinese scene suffers from a severe lack of "造血能力" (blood-making ability), with most market-driven funds struggling and many early success stories cashing out entirely. This threatens the entire Asian Web3 ecosystem's survival. For individual practitioners, survival advice is pragmatic: find your core "why," maintain life balance beyond token prices, continuously learn new skills (like AI), form small, trusted alliances for mutual support, and practice self-compassion. The industry's greatest need is not money or tech, but lighthouses—individuals at all levels who offer mentorship, grants, referrals, and honest reflection to guide others. The piece concludes with a direct appeal: OGs must pay forward the opportunities the industry gave them; founders must not struggle alone; and builders must continue their work, ensuring it remains a viable profession. The survival of Web3's "cathedral" depends not on any single leader but on the collective responsibility of everyone who remains.

marsbitHá 1h

IOSG Founder: Web3 Is 'Losing Blood,' How Can Practitioners Survive Better?

marsbitHá 1h

Deficits, Inflation, and the New Fed: The Deep Logic Behind US Bond Yields Breaking 5% and the Market Reset

In the week of May 15-19, 2026, U.S. long-term Treasury yields surged to multi-year highs, with the 30-year yield hitting 5.2%, a level unseen since 2007, and the 10-year yield climbing to 4.687%. Equity markets declined in response. Four primary factors are driving the rise in yields. First, stubborn inflation persists, with April wholesale prices rising 6% year-over-year, fueling expectations of potential future Fed rate hikes instead of cuts. Second, newly confirmed Fed Chair Kevin Warsh inherits a complex inflation battle, with markets closely awaiting his first FOMC meeting. Third, deteriorating U.S. fiscal health, marked by large deficits and rising debt servicing costs, is eroding the traditional "safe-haven" premium for Treasuries. Fourth, the "One Big Beautiful Bill" tax cuts are projected to add trillions to the national debt, contributing to Moody's recent credit rating downgrade. Rising yields pressure stocks through several channels: a higher discount rate reduces the present value of future earnings (especially for growth stocks); rising risk-free rates compress equity risk premiums, making bonds relatively more attractive; higher borrowing costs impact consumers and corporations; and a stronger dollar affects multinational earnings. For investors, the environment favors value and financial stocks over long-duration growth stocks. Bond investors find attractive yields in short to intermediate maturities, while income investors see the best fixed-income opportunities in over a decade. Key developments to watch include Chair Warsh's first FOMC meeting, upcoming inflation data, Treasury auction demand, and whether the 30-year yield approaches 6%, a level that could trigger a more sustained equity valuation reset. The bond market's message is clear: the era of cheap government borrowing is over, posing a central challenge for markets in late 2026.

marsbitHá 1h

Deficits, Inflation, and the New Fed: The Deep Logic Behind US Bond Yields Breaking 5% and the Market Reset

marsbitHá 1h

Trading

Spot
Futuros

Artigos em Destaque

O que é GENIUS

I. Introdução ao Projeto1. O Que É Genius?Genius (GENIUS) é posicionado como o “terminal definitivo em cadeia”, uma plataforma de negociação descentralizada focada na privacidade e na velocidade. Ao integrar tecnologia de privacidade de topo, visa construir uma infraestrutura de negociação em privacidade de próxima geração em redes como a BNB Chain, permitindo que os utilizadores interajam em cadeia com uma experiência fluida comparável às trocas centralizadas.2. Como Funciona o Genius?A arquitetura técnica central do Genius está estruturada da seguinte forma:(1) Invisível na cadeia: Os utilizadores não precisam de lidar manualmente com aprovações em múltiplas etapas para operações cross-chain, embrulhamento de ativos ou gestão complexa de gás.(2) Negociação sem Assinatura: Através de integrações como a Turnkey, o Genius permite negociações instantâneas sem confirmações pop-up ou autorizações por transação.(3) Agregador de Agregadores: O Genius é alimentado por uma pilha de agregação de classe mundial integrada com mais de 150 DEXs, reivindicando uma eficiência de citação superior em comparação com produtos concorrentes.(4) Gestão de Contas: A plataforma adota uma arquitetura não custodial e utiliza o Turnkey e o Lit Protocol para gestão de chaves, permitindo que os utilizadores acedam às suas contas de forma segura através de chaves de acesso.3. Quem Criou o Genius?De acordo com os seus Termos de Serviço oficiais, o Genius foi desenvolvido pela Shuttle Labs, Inc. Com base na conta oficial do projeto no X, Ryan Myher é um dos principais colaboradores que impulsionam a iteração do produto, incluindo desenvolvimentos como a implementação do protocolo Ghost, bem como um maior envolvimento da comunidade.O fundador da Binance, CZ, juntou-se oficialmente ao projeto como conselheiro, com o objetivo de ajudar a equipa a construir uma experiência de negociação em cadeia mais rápida e que preserve a privacidade.Além disso, o projeto recebeu um forte apoio da YZi Labs, que investiu no Genius e trabalha ao lado da Genius Foundation, responsável pela manutenção do núcleo do Genius Bridge Protocol (GBP).4. Tokenomics do GeniusGENIUS é o token nativo do ecossistema Genius. Até ao momento, o projeto não lançou um documento completo de tokenomics.Com base nas últimas divulgações oficiais, o Genius incorpora um mecanismo deflacionário, e 4,6% do fornecimento total de tokens já foi queimado durante a fase inicial de lançamento.Sistema de Pontos Genius (GP):(1) Trade-to-Earn: A plataforma estabeleceu um pool de recompensas de 200 milhões de Pontos Genius, e os utilizadores ganham GP por cada negociação executada através do terminal.(2) Níveis e Distintivos: O Genius apresenta um sistema de distintivos baseado em progressão que varia de Smart a God, com níveis mais altos a desbloquear benefícios e vantagens adicionais.(3) Rendimento Nativo: Os utilizadores que detêm ativos designados como usdGG no painel podem ganhar rendimento nativo diretamente sem passar por staking complexo.(4) Incentivos de Referência: Os referenciadores podem ganhar reembolsos de taxas superiores a 45% pagos em USDC, juntamente com GP adicionais.5. Cronograma & Principais MarcosMarço de 2020: A conta oficial do projeto no X foi criada, marcando o início da sua fase de preparação inicial.13 de janeiro de 2026: O Genius anunciou um investimento de vários milhões de dólares da YZi Labs e simultaneamente confirmou CZ como conselheiro para acelerar a construção da sua infraestrutura de negociação em privacidade.18 de abril de 2026: O projeto anunciou que o protocolo de privacidade Ghost seria lançado em breve.29 de abril de 2026: O protocolo Ghost abriu oficialmente para os seus primeiros 50 testadores, marcando o início de uma nova era para a negociação em privacidade na BNB Chain. Ao mesmo tempo, a equipa confirmou que 4,6% dos tokens foram queimados.​II. Informação sobre o Token1) Informação BásicaNome do token: GENIUS (Genius)III. Links RelacionadosWebsite:https://www.tradegenius.com/homeExploradores:https://bscscan.com/address/0x1f12b85aac097e43aa1555b2881e98a51090e9a6Sociais:https://x.com/GeniusTerminalNota: A introdução ao projeto provém dos materiais publicados ou fornecidos pela equipa oficial do projeto, que é apenas para referência e não constitui aconselhamento de investimento. A HTX não se responsabiliza por quaisquer perdas diretas ou indiretas resultantes.

315 Visualizações TotaisPublicado em {updateTime}Atualizado em 2026.05.12

O que é GENIUS

Como comprar GENIUS

Bem-vindo à HTX.com!Tornámos a compra de Genius (GENIUS) simples e conveniente.Segue o nosso guia passo a passo para iniciar a tua jornada no mundo das criptos.Passo 1: cria a tua conta HTXUtiliza o teu e-mail ou número de telefone para te inscreveres numa conta gratuita na HTX.Desfruta de um processo de inscrição sem complicações e desbloqueia todas as funcionalidades.Obter a minha contaPasso 2: vai para Comprar Cripto e escolhe o teu método de pagamentoCartão de crédito/débito: usa o teu visa ou mastercard para comprar Genius (GENIUS) instantaneamente.Saldo: usa os fundos da tua conta HTX para transacionar sem problemas.Terceiros: adicionamos métodos de pagamento populares, como Google Pay e Apple Pay, para aumentar a conveniência.P2P: transaciona diretamente com outros utilizadores na HTX.Mercado de balcão (OTC): oferecemos serviços personalizados e taxas de câmbio competitivas para os traders.Passo 3: armazena teu Genius (GENIUS)Depois de comprar o teu Genius (GENIUS), armazena-o na tua conta HTX.Alternativamente, podes enviá-lo para outro lugar através de transferência blockchain ou usá-lo para transacionar outras criptomoedas.Passo 4: transaciona Genius (GENIUS)Transaciona facilmente Genius (GENIUS) no mercado à vista da HTX.Acede simplesmente à tua conta, seleciona o teu par de trading, executa as tuas transações e monitoriza em tempo real.Oferecemos uma experiência de fácil utilização tanto para principiantes como para traders experientes.

178 Visualizações TotaisPublicado em {updateTime}Atualizado em 2026.05.12

Como comprar GENIUS

Como comprar MEGA

Bem-vindo à HTX.com!Tornámos a compra de MegaETH (MEGA) simples e conveniente.Segue o nosso guia passo a passo para iniciar a tua jornada no mundo das criptos.Passo 1: cria a tua conta HTXUtiliza o teu e-mail ou número de telefone para te inscreveres numa conta gratuita na HTX.Desfruta de um processo de inscrição sem complicações e desbloqueia todas as funcionalidades.Obter a minha contaPasso 2: vai para Comprar Cripto e escolhe o teu método de pagamentoCartão de crédito/débito: usa o teu visa ou mastercard para comprar MegaETH (MEGA) instantaneamente.Saldo: usa os fundos da tua conta HTX para transacionar sem problemas.Terceiros: adicionamos métodos de pagamento populares, como Google Pay e Apple Pay, para aumentar a conveniência.P2P: transaciona diretamente com outros utilizadores na HTX.Mercado de balcão (OTC): oferecemos serviços personalizados e taxas de câmbio competitivas para os traders.Passo 3: armazena teu MegaETH (MEGA)Depois de comprar o teu MegaETH (MEGA), armazena-o na tua conta HTX.Alternativamente, podes enviá-lo para outro lugar através de transferência blockchain ou usá-lo para transacionar outras criptomoedas.Passo 4: transaciona MegaETH (MEGA)Transaciona facilmente MegaETH (MEGA) no mercado à vista da HTX.Acede simplesmente à tua conta, seleciona o teu par de trading, executa as tuas transações e monitoriza em tempo real.Oferecemos uma experiência de fácil utilização tanto para principiantes como para traders experientes.

196 Visualizações TotaisPublicado em {updateTime}Atualizado em 2026.04.30

Como comprar MEGA

Discussões

Bem-vindo à Comunidade HTX. Aqui, pode manter-se informado sobre os mais recentes desenvolvimentos da plataforma e obter acesso a análises profissionais de mercado. As opiniões dos utilizadores sobre o preço de A (A) são apresentadas abaixo.

活动图片

Categorias popularesright-arrow

Etiquetas Popularesright-arrow