BorsaDEX+
Kripto AlPiyasalarSpotVadeli İşlemler500XBirikimEtkinlikler
Daha Fazla
ELIZAOS Etkinliği
The post This new React bug can drain your wallets if not caught appeared on BitcoinEthereumNews.com. A critical vulnerability in React Server Components is beingThe post This new React bug can drain your wallets if not caught appeared on BitcoinEthereumNews.com. A critical vulnerability in React Server Components is being

This new React bug can drain your wallets if not caught

Yazar: BitcoinEthereumNewsKaynak: BitcoinEthereumNews
2025/12/16 21:25
Wrapped REACT
REACT$0.05048-3.60%
Notcoin
NOT$0.0004985-5.72%
Cloud
CLOUD$0.08075-1.44%
Suilend
SEND$0.2263-3.57%
Ambire Wallet
WALLET$0.01376-15.16%

A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites — including crypto platforms — at immediate risk with users possibly seeing all their assets drained, if impacted.

The flaw, tracked as CVE-2025-55182 and nicknamed React2Shell, allows attackers to execute code remotely on affected servers without authentication. React’s maintainers disclosed the issue on Dec. 3 and assigned it the highest possible severity score.

Shortly after disclosure, GTIG observed widespread exploitation by both financially motivated criminals and suspected state-backed hacking groups, targeting unpatched React and Next.js applications across cloud environments.

Loading…

What the vulnerability does

React Server Components are used to run parts of a web application directly on a server instead of in a user’s browser. The vulnerability stems from how React decodes incoming requests to these server-side functions.

In simple terms, attackers can send a specially crafted web request that tricks the server into running arbitrary commands, or effectively handing over control of the system to the attacker.

The bug affects React versions 19.0 through 19.2.0, including packages used by popular frameworks such as Next.js. Merely having the vulnerable packages installed is often enough to allow exploitation.

How attackers are using it

The Google Threat Intelligence Group (GTIG) documented multiple active campaigns using the flaw to deploy malware, backdoors and crypto-mining software.

Some attackers began exploiting the flaw within days of disclosure to install Monero mining software. These attacks quietly consume server resources and electricity, generating profits for attackers while degrading system performance for victims.

Crypto platforms rely heavily on modern JavaScript frameworks such as React and Next.js, often handling wallet interactions, transaction signing and permit approvals through front-end code.

If a website is compromised, attackers can inject malicious scripts that intercept wallet interactions or redirect transactions to their own wallets— even if the underlying blockchain protocol remains secure.

That makes front-end vulnerabilities particularly dangerous for users who sign transactions through browser wallets.

Source: https://www.coindesk.com/tech/2025/12/16/new-react-bug-that-can-drain-all-your-tokens-is-impacting-thousands-of-websites

Piyasa Fırsatı
Wrapped REACT Logosu
Wrapped REACT Fiyatı(REACT)
$0.05048
$0.05048$0.05048
-2.92%
USD
Wrapped REACT (REACT) Canlı Fiyat Grafiği
Sorumluluk Reddi: Bu sitede yeniden yayınlanan makaleler, halka açık platformlardan alınmıştır ve yalnızca bilgilendirme amaçlıdır. MEXC'nin görüşlerini yansıtmayabilir. Tüm hakları telif sahiplerine aittir. Herhangi bir içeriğin üçüncü taraf haklarını ihlal ettiğini düşünüyorsanız, kaldırılması için lütfen [email protected] ile iletişime geçin. MEXC, içeriğin doğruluğu, eksiksizliği veya güncelliği konusunda hiçbir garanti vermez ve sağlanan bilgilere dayalı olarak alınan herhangi bir eylemden sorumlu değildir. İçerik, finansal, yasal veya diğer profesyonel tavsiye niteliğinde değildir ve MEXC tarafından bir tavsiye veya onay olarak değerlendirilmemelidir.

Ayrıca Şunları da Beğenebilirsiniz

China Blocks Nvidia’s RTX Pro 6000D as Local Chips Rise

China Blocks Nvidia’s RTX Pro 6000D as Local Chips Rise

The post China Blocks Nvidia’s RTX Pro 6000D as Local Chips Rise appeared on BitcoinEthereumNews.com. China Blocks Nvidia’s RTX Pro 6000D as Local Chips Rise China’s internet regulator has ordered the country’s biggest technology firms, including Alibaba and ByteDance, to stop purchasing Nvidia’s RTX Pro 6000D GPUs. According to the Financial Times, the move shuts down the last major channel for mass supplies of American chips to the Chinese market. Why Beijing Halted Nvidia Purchases Chinese companies had planned to buy tens of thousands of RTX Pro 6000D accelerators and had already begun testing them in servers. But regulators intervened, halting the purchases and signaling stricter controls than earlier measures placed on Nvidia’s H20 chip. Image: Nvidia An audit compared Huawei and Cambricon processors, along with chips developed by Alibaba and Baidu, against Nvidia’s export-approved products. Regulators concluded that Chinese chips had reached performance levels comparable to the restricted U.S. models. This assessment pushed authorities to advise firms to rely more heavily on domestic processors, further tightening Nvidia’s already limited position in China. China’s Drive Toward Tech Independence The decision highlights Beijing’s focus on import substitution — developing self-sufficient chip production to reduce reliance on U.S. supplies. “The signal is now clear: all attention is focused on building a domestic ecosystem,” said a representative of a leading Chinese tech company. Nvidia had unveiled the RTX Pro 6000D in July 2025 during CEO Jensen Huang’s visit to Beijing, in an attempt to keep a foothold in China after Washington restricted exports of its most advanced chips. But momentum is shifting. Industry sources told the Financial Times that Chinese manufacturers plan to triple AI chip production next year to meet growing demand. They believe “domestic supply will now be sufficient without Nvidia.” What It Means for the Future With Huawei, Cambricon, Alibaba, and Baidu stepping up, China is positioning itself for long-term technological independence. Nvidia, meanwhile, faces…
Paylaş
BitcoinEthereumNews2025/09/18 01:37
Samsung To Unveil New AI-Connected Living Lineup at CES 2026

Samsung To Unveil New AI-Connected Living Lineup at CES 2026

Company introduces AI-powered appliances designed to deliver smarter living by enhancing fabric care, air conditioning and cleaning Highlighted models include upgraded
Paylaş
AI Journal2025/12/18 09:16
XRP ETF Inflows Hit $8.54M as Institutional Exposure Rises to $1.16B

XRP ETF Inflows Hit $8.54M as Institutional Exposure Rises to $1.16B

XRP is currently trading at $1.86, consolidating near a key support zone while momentum remains weak. Institutional inflows into XRP-ETFs remain positive. Flow–
Paylaş
Tronweekly2025/12/18 09:00