The post This new React bug can drain your wallets if not caught appeared on BitcoinEthereumNews.com.

This new React bug can drain your wallets if not caught

A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites, including crypto platforms, at immediate risk. Users of impacted sites could see all their assets drained.

The flaw, tracked as CVE-2025-55182 and nicknamed React2Shell, allows attackers to execute code remotely on affected servers without authentication. React’s maintainers disclosed the issue on Dec. 3 and assigned it the highest possible severity score.

Shortly after disclosure, the Google Threat Intelligence Group (GTIG) observed widespread exploitation by both financially motivated criminals and suspected state-backed hacking groups, targeting unpatched React and Next.js applications across cloud environments.


What the vulnerability does

React Server Components are used to run parts of a web application directly on a server instead of in a user’s browser. The vulnerability stems from how React decodes incoming requests to these server-side functions.

In simple terms, attackers can send a specially crafted web request that tricks the server into running arbitrary commands, or effectively handing over control of the system to the attacker.

The bug affects React versions 19.0 through 19.2.0, including packages used by popular frameworks such as Next.js. Merely having the vulnerable packages installed is often enough to allow exploitation.

How attackers are using it

The Google Threat Intelligence Group (GTIG) documented multiple active campaigns using the flaw to deploy malware, backdoors and crypto-mining software.

Some attackers began exploiting the flaw within days of disclosure to install Monero mining software. These attacks quietly consume server resources and electricity, generating profits for attackers while degrading system performance for victims.

Crypto platforms rely heavily on modern JavaScript frameworks such as React and Next.js, often handling wallet interactions, transaction signing and permit approvals through front-end code.

If a website is compromised, attackers can inject malicious scripts that intercept wallet interactions or redirect transactions to their own wallets, even if the underlying blockchain protocol remains secure.

That makes front-end vulnerabilities particularly dangerous for users who sign transactions through browser wallets.

Source: https://www.coindesk.com/tech/2025/12/16/new-react-bug-that-can-drain-all-your-tokens-is-impacting-thousands-of-websites
