Hackers use JavaScript library for massive cryptocurrency theft

Cyber experts have reported a sharp increase in attacks using so-called «crypto drainers» — malicious scripts that steal funds from users' crypto wallets. According to the Security Alliance (SEAL), the reason for this was a critical bug in the popular JavaScript library React that allowed attackers to insert and execute their own code without authorization.

on December 3, the React team confirmed that ethical hacker Lachlan Davidson had discovered the CVE-2025−55 182 vulnerability. Hackers immediately started exploiting it by adding hidden code to crypto websites. According to SEAL, the number of attacks has increased significantly in recent days. «We've seen a significant spike in drainers being uploaded to legitimate crypto sites by exploiting the new React vulnerability. All sites should immediately check their front-end code for suspicious elements,» the organization emphasized.

Experts explain that malicious scripts are often disguised as pop-ups with bonuses or rewards, forcing users to sign a malicious transaction. SEAL advises website owners to check whether the frontend is downloading new assets from unknown sources and to detect obfuscated JavaScript scripts. If a website receives a phishing warning, it may be a sign of infection.

The React team has already released a patch for CVE-2025−55 182 and urged to update the react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack components. The developers clarified that applications that do not use React server components or related frameworks are not at risk.

Thus, the new vulnerability in React has become a serious challenge for web developers and users of crypto services, and its massive use by hackers has confirmed how quickly cyber threats can spread in the global digital environment.