
New React bug that can drain all your tokens is impacting 'thousands of' websites

2025/12/16 13:25


Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.

By Shaurya Malwa
Updated Dec 16, 2025, 5:25 a.m. Published Dec 16, 2025, 5:25 a.m.

What to know:

  • A critical vulnerability in React Server Components, known as React2Shell, is being actively exploited, putting thousands of websites at risk, including crypto platforms.
  • The flaw, CVE-2025-55182, allows remote code execution without authentication and affects React versions 19.0 through 19.2.0.
  • Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.

A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites, including crypto platforms, at immediate risk; users of an affected site could see all of their assets drained.

The flaw, tracked as CVE-2025-55182 and nicknamed React2Shell, allows attackers to execute code remotely on affected servers without authentication. React’s maintainers disclosed the issue on Dec. 3 and assigned it the highest possible severity score.


Shortly after disclosure, the Google Threat Intelligence Group (GTIG) observed widespread exploitation by both financially motivated criminals and suspected state-backed hacking groups, targeting unpatched React and Next.js applications across cloud environments.


What the vulnerability does

React Server Components are used to run parts of a web application directly on a server instead of in a user’s browser. The vulnerability stems from how React decodes incoming requests to these server-side functions.

In simple terms, an attacker can send a specially crafted web request that tricks the server into running arbitrary commands, effectively handing control of the system to the attacker.

The bug affects React versions 19.0 through 19.2.0, including packages used by popular frameworks such as Next.js. Merely having the vulnerable packages installed is often enough to allow exploitation.
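Since the first step for a defender is knowing which installs fall in the affected range, here is an added example (not from the article or the React project) that scans a package-lock.json for versions 19.0 through 19.2.0; the package names beyond `react` and the empty `FIXED_VERSIONS` set are assumptions to be confirmed against the official React advisory.

```javascript
// Added example, not from the article: walk a package-lock.json and flag
// packages in the range the article gives for CVE-2025-55182 (19.0 to 19.2.0).
// Assumption: React Server Components ship in these packages; the article only
// says "React ... including packages used by frameworks such as Next.js".
const WATCHED = ["react", "react-dom", "react-server-dom-webpack",
                 "react-server-dom-parcel", "react-server-dom-turbopack"];
const RANGE_LOW = [19, 0, 0], RANGE_HIGH = [19, 2, 0]; // inclusive, per the article
// Placeholder: fill from the official React advisory with any patched point
// releases inside the range; the article does not list them.
const FIXED_VERSIONS = new Set([]);

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v); // prereleases parse by their base
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function isAffected(name, version) {
  if (!WATCHED.includes(name) || FIXED_VERSIONS.has(version)) return false;
  const v = parseVersion(version);
  return v !== null && compare(v, RANGE_LOW) >= 0 && compare(v, RANGE_HIGH) <= 0;
}

// Lockfile v2/v3 keys look like "node_modules/react" or, for a nested copy,
// "node_modules/next/node_modules/react-server-dom-webpack".
function findAffected(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (entry && entry.version && isAffected(name, entry.version)) {
      hits.push({ path, name, version: entry.version });
    }
  }
  return hits;
}

const SAMPLE_LOCK = { // constructed lockfile, not a real project
  packages: {
    "node_modules/react": { version: "19.2.0" },
    "node_modules/next": { version: "15.0.0" },
    "node_modules/next/node_modules/react-server-dom-webpack": { version: "19.1.0" },
    "node_modules/react-server-dom-turbopack": { version: "18.3.1" },
  },
};
for (const h of findAffected(SAMPLE_LOCK)) console.log(`${h.path}@${h.version}`);
```

To scan a real project, replace `SAMPLE_LOCK` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`; nested copies under a framework's own `node_modules` are reported with their full path so they are not missed.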

How attackers are using it

The Google Threat Intelligence Group (GTIG) documented multiple active campaigns using the flaw to deploy malware, backdoors and crypto-mining software.

Some attackers began exploiting the flaw within days of disclosure to install Monero mining software. These attacks quietly consume server resources and electricity, generating profits for attackers while degrading system performance for victims.

Crypto platforms rely heavily on modern JavaScript frameworks such as React and Next.js, often handling wallet interactions, transaction signing and permit approvals through front-end code.

If a website is compromised, attackers can inject malicious scripts that intercept wallet interactions or redirect transactions to their own wallets, even if the underlying blockchain protocol remains secure.

That makes front-end vulnerabilities particularly dangerous for users who sign transactions through browser wallets.
