BorsaDEX+
Kripto AlPiyasalarSpotVadeli İşlemler500XBirikimEtkinlikler
Daha Fazla
ELIZAOS Etkinliği
The post This new React bug can drain your wallets if not caught appeared on BitcoinEthereumNews.com. A critical vulnerability in React Server Components is beingThe post This new React bug can drain your wallets if not caught appeared on BitcoinEthereumNews.com. A critical vulnerability in React Server Components is being

This new React bug can drain your wallets if not caught

Yazar: BitcoinEthereumNewsKaynak: BitcoinEthereumNews
2025/12/16 21:25
Wrapped REACT
REACT$0,04892-5,90%
Notcoin
NOT$0,0005186-3,98%
Cloud
CLOUD$0,08206-2,89%
Suilend
SEND$0,2319+2,15%
Ambire Wallet
WALLET$0,01567-10,04%

A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites — including crypto platforms — at immediate risk with users possibly seeing all their assets drained, if impacted.

The flaw, tracked as CVE-2025-55182 and nicknamed React2Shell, allows attackers to execute code remotely on affected servers without authentication. React’s maintainers disclosed the issue on Dec. 3 and assigned it the highest possible severity score.

Shortly after disclosure, GTIG observed widespread exploitation by both financially motivated criminals and suspected state-backed hacking groups, targeting unpatched React and Next.js applications across cloud environments.

Loading…

What the vulnerability does

React Server Components are used to run parts of a web application directly on a server instead of in a user’s browser. The vulnerability stems from how React decodes incoming requests to these server-side functions.

In simple terms, attackers can send a specially crafted web request that tricks the server into running arbitrary commands, or effectively handing over control of the system to the attacker.

The bug affects React versions 19.0 through 19.2.0, including packages used by popular frameworks such as Next.js. Merely having the vulnerable packages installed is often enough to allow exploitation.

How attackers are using it

The Google Threat Intelligence Group (GTIG) documented multiple active campaigns using the flaw to deploy malware, backdoors and crypto-mining software.

Some attackers began exploiting the flaw within days of disclosure to install Monero mining software. These attacks quietly consume server resources and electricity, generating profits for attackers while degrading system performance for victims.

Crypto platforms rely heavily on modern JavaScript frameworks such as React and Next.js, often handling wallet interactions, transaction signing and permit approvals through front-end code.

If a website is compromised, attackers can inject malicious scripts that intercept wallet interactions or redirect transactions to their own wallets— even if the underlying blockchain protocol remains secure.

That makes front-end vulnerabilities particularly dangerous for users who sign transactions through browser wallets.

Source: https://www.coindesk.com/tech/2025/12/16/new-react-bug-that-can-drain-all-your-tokens-is-impacting-thousands-of-websites

Piyasa Fırsatı
Wrapped REACT Logosu
Wrapped REACT Fiyatı(REACT)
$0,04892
$0,04892$0,04892
-6,28%
USD
Wrapped REACT (REACT) Canlı Fiyat Grafiği
Sorumluluk Reddi: Bu sitede yeniden yayınlanan makaleler, halka açık platformlardan alınmıştır ve yalnızca bilgilendirme amaçlıdır. MEXC'nin görüşlerini yansıtmayabilir. Tüm hakları telif sahiplerine aittir. Herhangi bir içeriğin üçüncü taraf haklarını ihlal ettiğini düşünüyorsanız, kaldırılması için lütfen service@support.mexc.com ile iletişime geçin. MEXC, içeriğin doğruluğu, eksiksizliği veya güncelliği konusunda hiçbir garanti vermez ve sağlanan bilgilere dayalı olarak alınan herhangi bir eylemden sorumlu değildir. İçerik, finansal, yasal veya diğer profesyonel tavsiye niteliğinde değildir ve MEXC tarafından bir tavsiye veya onay olarak değerlendirilmemelidir.

Ayrıca Şunları da Beğenebilirsiniz

MoneyGram launches stablecoin-powered app in Colombia

MoneyGram launches stablecoin-powered app in Colombia

The post MoneyGram launches stablecoin-powered app in Colombia appeared on BitcoinEthereumNews.com. MoneyGram has launched a new mobile application in Colombia that uses USD-pegged stablecoins to modernize cross-border remittances. According to an announcement on Wednesday, the app allows customers to receive money instantly into a US dollar balance backed by Circle’s USDC stablecoin, which can be stored, spent, or cashed out through MoneyGram’s global retail network. The rollout is designed to address the volatility of local currencies, particularly the Colombian peso. Built on the Stellar blockchain and supported by wallet infrastructure provider Crossmint, the app marks MoneyGram’s most significant move yet to integrate stablecoins into consumer-facing services. Colombia was selected as the first market due to its heavy reliance on inbound remittances—families in the country receive more than 22 times the amount they send abroad, according to Statista. The announcement said future expansions will target other remittance-heavy markets. MoneyGram, which has nearly 500,000 retail locations globally, has experimented with blockchain rails since partnering with the Stellar Development Foundation in 2021. It has since built cash on and off ramps for stablecoins, developed APIs for crypto integration, and incorporated stablecoins into its internal settlement processes. “This launch is the first step toward a world where every person, everywhere, has access to dollar stablecoins,” CEO Anthony Soohoo stated. The company emphasized compliance, citing decades of regulatory experience, though stablecoin oversight remains fluid. The US Congress passed the GENIUS Act earlier this year, establishing a framework for stablecoin regulation, which MoneyGram has pointed to as providing clearer guardrails. This is a developing story. This article was generated with the assistance of AI and reviewed by editor Jeffrey Albus before publication. Get the news in your inbox. Explore Blockworks newsletters: Source: https://blockworks.co/news/moneygram-stablecoin-app-colombia
Paylaş
BitcoinEthereumNews2025/09/18 07:04
WIF Price Prediction: Targeting $0.48 Recovery Within 2 Weeks as MACD Shows Bullish Divergence

WIF Price Prediction: Targeting $0.48 Recovery Within 2 Weeks as MACD Shows Bullish Divergence

The post WIF Price Prediction: Targeting $0.48 Recovery Within 2 Weeks as MACD Shows Bullish Divergence appeared on BitcoinEthereumNews.com. James Ding Dec 16
Paylaş
BitcoinEthereumNews2025/12/17 17:32
Tokyo’s Metaplanet Launches Miami Subsidiary to Amplify Bitcoin Income

Tokyo’s Metaplanet Launches Miami Subsidiary to Amplify Bitcoin Income

Metaplanet Inc., the Japanese public company known for its bitcoin treasury, is launching a Miami subsidiary to run a dedicated derivatives and income strategy aimed at turning holdings into steady, U.S.-based cash flow. Japanese Bitcoin Treasury Player Metaplanet Opens Miami Outpost The new entity, Metaplanet Income Corp., sits under Metaplanet Holdings, Inc. and is based […]
Paylaş
Coinstats2025/09/18 00:32