Kripto Al Piyasalar Spot Vadeli İşlemler500X Birikim Etkinlikler

Daha Fazla

A newly discovered loophole in one of the web’s most used development tools is giving hackers a new way to drain cryptocurrency wallets. Cybersecurity researchersA newly discovered loophole in one of the web’s most used development tools is giving hackers a new way to drain cryptocurrency wallets. Cybersecurity researchers

Second JavaScript Exploit in Four Months Exposes Crypto Sites to Wallet Drainers

Yazar: Financemagnates

Kaynak: Financemagnates

2025/12/15 21:38

Paylaş

A newly discovered loophole in one of the web’s most used development tools is giving hackers a new way to drain cryptocurrency wallets.

Cybersecurity researchers have reported a surge in malicious code uploaded to legitimate websites through a vulnerability in the popular JavaScript library React — a tool used by countless crypto platforms for their front-end systems.

Crypto Drainer Attacks Surge via React Flaw

According to Security Alliance (SEAL), a nonprofit cybersecurity organization, criminals are actively exploiting a recently disclosed React vulnerability labeled CVE-2025-55182.

“We are observing a big uptick in drainers uploaded to legitimate crypto websites through exploitation of the recent React CVE,” SEAL stated on X (formerly Twitter). “All websites should review front-end code for any suspicious assets NOW.

HP CEO “Exposes” Ink Cartridge Vulnerability Triggering Legal Storm
Exness Rewards Up to $10,000 in New Bug Bounty Program
How to Increase Business Security Using a Honeypot

The flaw enables unauthenticated remote code execution, allowing attackers to secretly inject wallet-draining scripts into websites. The malicious code tricks users into approving fake transactions via deceptive pop-ups or reward prompts.

Read more: Hackers Exploit JavaScript Accounts in Massive Crypto Attack Reportedly Affecting 1B+ Downloads

SEAL cautioned that some compromised sites may be unexpectedly flagged as phishing risks. The organization advised web administrators to conduct immediate security audits to catch any injected assets or obfuscated JavaScript.

"If your project is getting blocked, that may be the reason. Please review your code first before requesting phishing page warning removal. The attack is targeting not only Web3 protocols! All websites are at risk. Users should exercise caution when signing ANY permit signature."

Phishing Flags and Hidden Drainers

The group warned that developers who find their projects mistakenly blocked as phishing pages should inspect their code first before appealing the warning.

The React development team confirmed on December 3 that it had patched the vulnerability after white hat hacker Lachlan Davidson privately reported the issue.

The fix affects the react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack packages. The team urged all developers using these components to update immediately.

Piyasa Fırsatı

Ambire Wallet Fiyatı(WALLET)

$0,01441

$0,01441$0,01441

+5,25%

USD

Ambire Wallet (WALLET) Canlı Fiyat Grafiği

Sorumluluk Reddi: Bu sitede yeniden yayınlanan makaleler, halka açık platformlardan alınmıştır ve yalnızca bilgilendirme amaçlıdır. MEXC'nin görüşlerini yansıtmayabilir. Tüm hakları telif sahiplerine aittir. Herhangi bir içeriğin üçüncü taraf haklarını ihlal ettiğini düşünüyorsanız, kaldırılması için lütfen service@support.mexc.com ile iletişime geçin. MEXC, içeriğin doğruluğu, eksiksizliği veya güncelliği konusunda hiçbir garanti vermez ve sağlanan bilgilere dayalı olarak alınan herhangi bir eylemden sorumlu değildir. İçerik, finansal, yasal veya diğer profesyonel tavsiye niteliğinde değildir ve MEXC tarafından bir tavsiye veya onay olarak değerlendirilmemelidir.