Crypto Wallets Targeted In JavaScript Library Exploit—Cybersecurity Firm

bitcoinistОпубликовано 2025-12-16Обновлено 2025-12-16

Введение

A critical vulnerability (CVE-2025-55182) in React Server Components (versions 19.0 to 19.2.0) is being actively exploited to inject malicious code into websites and steal cryptocurrency from connected wallets. The flaw, which allows unauthenticated attackers to execute arbitrary code on affected servers, has led to wallet-draining campaigns across multiple crypto sites. Cybersecurity firm Security Alliance (SEAL) warns that attackers are using the exploit to inject scripts that hijack or redirect transactions by altering user interfaces or swapping addresses. Over 50 organizations have reported compromise attempts, with scanning tools and exploit kits rapidly spreading in underground forums. Patched versions (19.0.1, 19.1.2, 19.2.1) are available, and all affected sites are urged to update immediately.

A critical flaw in React Server Components is being used by attackers to inject malicious code into live websites, and that code is siphoning crypto from connected wallets.

Reports note that the vulnerability, tracked as CVE-2025-55182, was published by the React team on December 3 and carries a maximum severity rating.

Cybersecurity firm Security Alliance (SEAL) has confirmed that multiple crypto websites are actively being targeted, and they urge operators to review all React Server Components immediately to prevent wallet-draining attacks.

Security teams say the bug allows an unauthenticated attacker to run code on affected servers, which has been turned into wallet-draining campaigns across several sites.

Image: Shutterstock

A Wide Risk To Sites Using Server Components

SEAL said the flaw affects React Server Components packages in versions 19.0 through 19.2.0, and patched releases such as 19.0.1, 19.1.2, and 19.2.1 were issued after disclosure.

The vulnerability works by exploiting unsafe deserialization in the Flight protocol, letting a single crafted HTTP request execute arbitrary code with the web server’s privileges. Security teams have warned that many sites using default configurations are at risk until they apply the updates.

Attackers Inject Wallet-Draining Scripts Into Compromised Pages

According to industry posts, threat actors are using the exploit to plant scripts that prompt users to connect Web3 wallets and then hijack or redirect transactions.

In some cases the injected code alters the user interface or swaps addresses, so a user believes they are sending funds to one account while the transaction actually pays an attacker. This method can hit users who trust familiar crypto sites and connect wallets without checking every approval.

BTCUSD now trading at $89,626. Chart: TradingView

Scanners And Proof-Of-Concepts Flooded Underground Forums

Security researchers report a rush of scanning tools, fake proof-of-concept code, and exploit kits shared in underground forums shortly after the vulnerability was disclosed.

Cloud and threat-intelligence teams have observed multiple groups scanning for vulnerable servers and testing payloads, which has accelerated active exploitation.

Some defenders say that the speed and volume of scanning have made it hard to stop all attempts before patches are applied.

More Than 50 Organizations Reported Compromise Attempts

Based on reports from incident responders, post-exploitation crypto activity has been observed at more than 50 organizations across finance, media, government, and tech.

In several investigations, attackers established footholds and then used those to deliver further malware or to seed front-end code that targets wallet users.

SEAL has emphasized that organizations failing to patch or monitor their servers could experience further attacks, and ongoing monitoring is essential until all systems are verified safe.

Featured image from Unsplash, chart from TradingView

Похожее

L1 is Dead, Long Live Appchain

"L1 is Dead, Appchain Rises" critiques the failure of current Layer-1 (L1) blockchain models, arguing their tokens are trending toward zero. The author identifies key flaws: linear token emissions that incentivize selling rather than value creation, weak value propositions like "gas token" and "governance" narratives, mismanagement by bloated "foundations" or "labs" that drain value through excessive spending and token sales, and poor industry leadership focused on short-term narratives and overhyped trends like RaaS and high TPS. The solution proposed is a fundamental shift. New L1 token models are needed, moving away from the "low float, high FDV" paradigm that disadvantages retail investors. Fundraising should be sufficient only for launch, not excessive. Token unlocks should be tied to real milestones like CEX listings or DeFi integration. The ultimate goal should be for L1 tokens to become widely used mediums of exchange, not just fuel for networks. Value is increasingly moving to the application layer, with successful apps building their own chains (appchains). The author concludes that L1s must build sustainable value by creating useful applications and services, fostering strong holder communities, and achieving self-sustainability without relying on continuous token emissions.

marsbit1 ч. назад

L1 is Dead, Long Live Appchain

marsbit1 ч. назад

An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

An open-source AI security tool flagged critical risks in Kelp DAO’s cross-chain architecture 12 days before a $292 million exploit on April 18, 2026—the largest DeFi incident of the year. The vulnerability was not in the smart contracts but in the configuration of LayerZero’s cross-chain bridge: a 1-of-1 Decentralized Verifier Network (DVN) setup allowed an attacker to forge cross-chain messages with a single compromised node. The tool, which performs AI-assisted architectural risk assessments using public data, identified several unremediated risks, including opaque DVN configuration, single-point-of-failure across 16 chains, unverified cross-chain governance controls, and similarities to historical bridge attacks like Ronin and Harmony. It also noted the absence of an insurance pool, which amplified losses as Aave and other protocols absorbed nearly $300M in bad debt. The attack unfolded over 46 minutes: the attacker minted 116,500 rsETH on Ethereum via a fraudulent message, used it as collateral to borrow WETH on lending platforms, and laundered funds through Tornado Cash. While an emergency pause prevented two subsequent attacks worth ~$200M, the damage was severe. The tool’s report, committed to GitHub on April 6, scored Kelp DAO a medium-risk 72/100—later acknowledged as too lenient. It failed to query on-chain DVN configurations or initiate private disclosure, highlighting gaps in current DeFi security approaches that focus on code audits but miss config-level and governance risks. The incident underscores the need for independent, AI-powered risk assessment tools that evaluate protocol architecture, not just code.

marsbit1 ч. назад

An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

marsbit1 ч. назад

Figma's Stock Drops Over 7%, Is Claude Design the One to End It All?

Figma's stock fell over 7% following Anthropic's announcement of Claude Design, an experimental AI-powered design tool. Driven by the Opus 4.7 model, Claude Design generates prototypes, slides, and visual content, directly challenging Figma and Canva. A key feature is its seamless handoff capability to Claude Code, enabling a closed loop from design to development. The tool automatically reads existing code and design files to create tailored design systems, though early users report high token usage and bugs. The release follows a series of strategic moves by Anthropic, including limited releases of advanced models and high-level regulatory meetings. With a rumored $800 billion valuation and potential IPO by October, Anthropic is shifting from selling AI models to building end-user products, positioning itself as a competitor rather than just a partner to its API users. While Claude Design is not yet a full replacement for professional tools, it threatens to redefine Figma’s user base by enabling rapid prototyping for non-designers and small teams.

marsbit2 ч. назад

Figma's Stock Drops Over 7%, Is Claude Design the One to End It All?

marsbit2 ч. назад

Financing Weekly | 15 Public Financing Events, Paxos Labs Completes $12 Million Financing Led by Blockchain Capital

Last week (April 13-19) saw 15 blockchain funding rounds totaling over $165 million. Key deals include Paxos Labs raising $12 million led by Blockchain Capital to build DeFi infrastructure for stablecoin issuance and lending. In AI+Web3, OpenGradient secured $9.5 million for its verifiable AI compute network. DeFi highlights include Brix's $5.5 million raise for emerging market asset tokenization and Votre's $3.75 million seed round for its on-chain crypto lending platform. In centralized finance, digital banking platform Slash closed a $100 million Series C. Prediction market platform Pumpcade raised $5 million, backed by Jump Crypto. Additionally, DePIN project SHARE completed a seed round led by Greenfield Capital.

marsbit2 ч. назад

Financing Weekly | 15 Public Financing Events, Paxos Labs Completes $12 Million Financing Led by Blockchain Capital

marsbit2 ч. назад

Торговля

Спот
Фьючерсы
活动图片

Популярные категорииright-arrow

Популярные тегиright-arrow