According to the cybersecurity non-profit Security Alliance (SEAL), there has been a recent increase in cases where cryptocurrency drainers are uploaded to websites by exploiting vulnerabilities in React, the open-source front-end JavaScript library.
React is used for building user interfaces, especially in web applications. On December 3, the React team disclosed that white hat hacker Lachlan Davidson had discovered a security vulnerability in the software that could allow unauthenticated remote code execution, meaning an attacker could inject and execute their own code.
According to SEAL, attackers are using the vulnerability, CVE-2025-55182, to covertly add wallet-draining code to cryptocurrency websites.
“Through recent React CVE exploits, we have observed a significant increase in drainers being uploaded to legitimate cryptocurrency websites. All websites should now check their front-end code for suspicious assets,” the SEAL team said.
“This attack doesn’t just target the Web3 protocol! All websites are at risk. Users should be careful when signing permissions.”
Wallet drainers typically trick users into signing transactions through methods such as fake pop-ups offering rewards and similar tactics.

Source: Security Alliance
Websites with phishing warnings should check their code
The SEAL team said affected websites may have been suddenly flagged as a potential phishing risk without explanation. It recommends that website hosts take precautions to ensure there are no hidden drainers that could put users at risk.
“Scan your hosts for CVE-2025-55182. Check to see if your front-end code is suddenly loading assets from hosts it doesn’t recognize. Check for obfuscated JavaScript in scripts loaded by your front-end code. Check to see if your wallet is displaying the correct recipient in the signature request,” they said.
“If your project is blocked, that may be the reason. Please review your code first before requesting removal of a phishing page warning,” the SEAL team added.
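Two of the front-end checks SEAL lists above (assets loaded from unrecognized hosts, obfuscated JavaScript) can be sketched as follows. This is an added example, not code from SEAL or the React team; the allowlist, the host names and the sample page are constructed assumptions, and the obfuscation markers are heuristics that need manual review.

```javascript
// Hosts you expect your front end to load from (assumption: replace with your own).
const ALLOWED_HOSTS = new Set(["app.example.com", "cdn.example.com"]);

// Heuristic markers often left behind by JavaScript obfuscators and loaders.
const MARKERS = {
  "eval-call": /\beval\s*\(/,
  "function-constructor": /\bnew\s+Function\s*\(/,
  "base64-decode": /\batob\s*\(/,
  "hex-identifiers": /\b_0x[0-9a-f]{4,}\b/i,
  "hex-escaped-string": /(?:\\x[0-9a-f]{2}){3,}/i,
};

// Return the names of all markers found in a piece of JavaScript source.
function obfuscationMarkers(js) {
  return Object.keys(MARKERS).filter((name) => MARKERS[name].test(js));
}

// Audit rendered HTML: list asset hosts outside the allowlist and inline
// scripts that trip a marker. Regex extraction is a heuristic, not a parser.
function auditPage(html, pageUrl, allowed = ALLOWED_HOSTS) {
  const unknownHosts = new Set();
  const attrRe = /<(?:script|link|iframe|img)\b[^>]*?\b(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(attrRe)) {
    let host;
    try { host = new URL(m[1], pageUrl).hostname; } catch { continue; }
    if (host && !allowed.has(host)) unknownHosts.add(host);
  }
  const inlineFindings = [];
  const inlineRe = /<script\b(?![^>]*\bsrc\s*=)[^>]*>([\s\S]*?)<\/script>/gi;
  for (const m of html.matchAll(inlineRe)) {
    const hits = obfuscationMarkers(m[1]);
    if (hits.length) inlineFindings.push(hits);
  }
  return { unknownHosts: [...unknownHosts].sort(), inlineFindings };
}

// Constructed sample page, not taken from any real site.
const SAMPLE_HTML = String.raw`<html><head>
<script src="/static/main.js"></script>
<script src="https://cdn.example.com/react.js"></script>
<script src="//assets.unrecognized.example/w.js"></script>
<script>var _0x3fa1=["\x63\x6f\x6e"];eval(atob("YQ=="));</script>
</head></html>`;

console.log(auditPage(SAMPLE_HTML, "https://app.example.com/"));
```

Run it against the HTML your site actually serves to browsers, and diff the result against a known-good build so that a newly appearing host or inline script stands out.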
React releases vulnerability fix
The React team published a fix for CVE-2025-55182 on December 3rd and advised anyone using react-server-dom-webpack, react-server-dom-parcel, or react-server-dom-turbopack to upgrade immediately to resolve the vulnerability.
“If your app’s React code does not use a server, your app is not affected by this vulnerability. If your app does not use a framework, bundler, or bundler plugin that supports React server components, your app is not affected by this vulnerability,” the team added.


