Share
Share this article
Copy linkX (Twitter)LinkedInFacebookEmail
Tech
Share
Share this article
Copy linkX (Twitter)LinkedInFacebookEmail
New React bug that can drain all your tokens is
Tech
Share
Share this article
Copy linkX (Twitter)LinkedInFacebookEmail
New React bug that can drain all your tokens is
New React bug that can drain all your tokens is impacting 'thousands of' websites
New React bug that can drain all your tokens is impacting 'thousands of' websites
Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.
By Shaurya Malwa
Updated Dec 16, 2025, 5:25 a.m. Published Dec 16, 2025, 5:25 a.m.
What to know:
- A critical vulnerability in React Server Components, known as React2Shell, is being actively exploited, putting thousands of websites at risk, including crypto platforms.
- The flaw, CVE-2025-55182, allows remote code execution without authentication and affects React versions 19.0 through 19.2.0.
- Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.
A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites — including crypto platforms — at immediate risk with users possibly seeing all their assets drained, if impacted.
The flaw, tracked as CVE-2025-55182 and nicknamed React2Shell, allows attackers to execute code remotely on affected servers without authentication. React’s maintainers disclosed the issue on Dec. 3 and assigned it the highest possible severity score.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the The Protocol Newsletter today. See all newsletters
Sign me up
Shortly after disclosure, GTIG observed widespread exploitation by both financially motivated criminals and suspected state-backed hacking groups, targeting unpatched React and Next.js applications across cloud environments.
Loading...
What the vulnerability does
React Server Components are used to run parts of a web application directly on a server instead of in a user’s browser. The vulnerability stems from how React decodes incoming requests to these server-side functions.
In simple terms, attackers can send a specially crafted web request that tricks the server into running arbitrary commands, or effectively handing over control of the system to the attacker.
The bug affects React versions 19.0 through 19.2.0, including packages used by popular frameworks such as Next.js. Merely having the vulnerable packages installed is often enough to allow exploitation.
How attackers are using it
The Google Threat Intelligence Group (GTIG) documented multiple active campaigns using the flaw to deploy malware, backdoors and crypto-mining software.
Some attackers began exploiting the flaw within days of disclosure to install Monero mining software. These attacks quietly consume server resources and electricity, generating profits for attackers while degrading system performance for victims.
Crypto platforms rely heavily on modern JavaScript frameworks such as React and Next.js, often handling wallet interactions, transaction signing and permit approvals through front-end code.
If a website is compromised, attackers can inject malicious scripts that intercept wallet interactions or redirect transactions to their own wallets— even if the underlying blockchain protocol remains secure.
That makes front-end vulnerabilities particularly dangerous for users who sign transactions through browser wallets.
More For You
Protocol Research: GoPlus Security
Commissioned byGoPlus
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report
More For You
Most Influential: Pavel Durov
The Telegram CEO may stand as the most pivotal figure in the bona fide mass adoption of cryptocurrency.
Read full story
Latest Crypto News
ARK steps in as crypto stocks extend multi-day selloff
Bitcoin, ether and XRP extend losses as year-end caution builds
Why Dogecoin’s drop below $0.13 is drawing institutional attention
XRP price weakens at critical level, raising risk of deeper pullback
Bitcoin, AI stock slide sees over $500 million in bullish bets wiped out
Why bitcoin ETFs look like they’re falling short, even as their role grows: Asia Morning Briefing
Top Stories
Bitcoin, ether and XRP extend losses as year-end caution builds
ARK steps in as crypto stocks extend multi-day selloff
Why bitcoin ETFs look like they’re falling short, even as their role grows: Asia Morning Briefing
Why Dogecoin’s drop below $0.13 is drawing institutional attention
Bitcoin, AI stock slide sees over $500 million in bullish bets wiped out
Nasdaq, home of Coinbase, Strategy stocks, seeks 23-hour trading amid investor demand
Piyasa Fırsatı
Wrapped REACT Fiyatı(REACT)
$0.05258
$0.05258$0.05258
USD
Wrapped REACT (REACT) Canlı Fiyat Grafiği
Sorumluluk Reddi: Bu sitede yeniden yayınlanan makaleler, halka açık platformlardan alınmıştır ve yalnızca bilgilendirme amaçlıdır. MEXC'nin görüşlerini yansıtmayabilir. Tüm hakları telif sahiplerine aittir. Herhangi bir içeriğin üçüncü taraf haklarını ihlal ettiğini düşünüyorsanız, kaldırılması için lütfen service@support.mexc.com ile iletişime geçin. MEXC, içeriğin doğruluğu, eksiksizliği veya güncelliği konusunda hiçbir garanti vermez ve sağlanan bilgilere dayalı olarak alınan herhangi bir eylemden sorumlu değildir. İçerik, finansal, yasal veya diğer profesyonel tavsiye niteliğinde değildir ve MEXC tarafından bir tavsiye veya onay olarak değerlendirilmemelidir.
Ayrıca Şunları da Beğenebilirsiniz
The Channel Factories We’ve Been Waiting For
The post The Channel Factories We’ve Been Waiting For appeared on BitcoinEthereumNews.com. Visions of future technology are often prescient about the broad strokes while flubbing the details. The tablets in “2001: A Space Odyssey” do indeed look like iPads, but you never see the astronauts paying for subscriptions or wasting hours on Candy Crush. Channel factories are one vision that arose early in the history of the Lightning Network to address some challenges that Lightning has faced from the beginning. Despite having grown to become Bitcoin’s most successful layer-2 scaling solution, with instant and low-fee payments, Lightning’s scale is limited by its reliance on payment channels. Although Lightning shifts most transactions off-chain, each payment channel still requires an on-chain transaction to open and (usually) another to close. As adoption grows, pressure on the blockchain grows with it. The need for a more scalable approach to managing channels is clear. Channel factories were supposed to meet this need, but where are they? In 2025, subnetworks are emerging that revive the impetus of channel factories with some new details that vastly increase their potential. They are natively interoperable with Lightning and achieve greater scale by allowing a group of participants to open a shared multisig UTXO and create multiple bilateral channels, which reduces the number of on-chain transactions and improves capital efficiency. Achieving greater scale by reducing complexity, Ark and Spark perform the same function as traditional channel factories with new designs and additional capabilities based on shared UTXOs. Channel Factories 101 Channel factories have been around since the inception of Lightning. A factory is a multiparty contract where multiple users (not just two, as in a Dryja-Poon channel) cooperatively lock funds in a single multisig UTXO. They can open, close and update channels off-chain without updating the blockchain for each operation. Only when participants leave or the factory dissolves is an on-chain transaction…
Paylaş
BitcoinEthereumNews2025/09/18 00:09
XRP ETF’s bereiken belangrijke mijlpaal: $1 miljard aan netto instroom
De markt voor crypto-exchange-traded funds (ETF’s) heeft opnieuw een belangrijke mijlpaal bereikt. XRP ETF’s hebben gezamenlijk meer dan 1 miljard dollar aan netto
Paylaş
Coinstats2025/12/16 21:01
XSGD And XUSD Launch On Solana’s Blazing Network In 2025
The post XSGD And XUSD Launch On Solana’s Blazing Network In 2025 appeared on BitcoinEthereumNews.com. StraitsX Stablecoins Unleash Power: XSGD And XUSD Launch
Paylaş
BitcoinEthereumNews2025/12/16 20:59