Security group SEAL warns crypto sites after new React flaw is abused to inject wallet-draining code

Crypto-facing websites should urgently inspect their front-end code after a spike in wallet drainers delivered through a recently disclosed React vulnerability, cybersecurity nonprofit Security Alliance (SEAL) says.

What happened

- On Dec. 3 the React team disclosed a critical flaw (CVE-2025-55182) discovered by white-hat researcher Lachlan Davidson. The bug allowed unauthenticated remote code execution in certain React server components, letting attackers inject and run arbitrary code on vulnerable sites.
- SEAL says attackers have used the vulnerability to secretly add wallet-draining scripts to otherwise legitimate crypto websites. Those drainers trick users into signing transactions — for example via fake pop-ups promising rewards — that send funds to the attacker.

Why crypto sites are at risk

- Because many crypto dApps rely on browser-facing UI logic, a compromised front end can manipulate signature dialogs or replace recipient addresses, causing users to approve malicious transfers.
- SEAL notes that affected sites may suddenly be flagged as phishing pages by browsers or blocklists without obvious cause, a symptom that could indicate hidden drainers are present.

Immediate steps SEAL recommends

- Scan for CVE-2025-55182 and audit any React server-component code.
- Check whether your front end is unexpectedly loading assets from unfamiliar hosts.
- Look for obfuscated JavaScript in scripts loaded by your site.
- Verify that wallet signature requests show the correct recipient address before encouraging users to sign.

As SEAL put it: “If your project is getting blocked, that may be the reason. Please review your code first before requesting phishing page warning removal.”

Patch status and who is affected

- The React team released a patch for CVE-2025-55182 on Dec. 3. Projects using react-server-dom-webpack, react-server-dom-parcel, or react-server-dom-turbopack should upgrade immediately to close the hole.
- React apps that do not use a server or do not use a framework/bundler/plugin that supports React Server Components are not affected, the React team said.

Bottom line

If you run a crypto website or dApp, treat this as urgent. Patch affected React packages, scan your hosts and front-end assets for suspicious or obfuscated code, and verify wallet signature behavior to protect users from wallet-draining attacks.
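Two of the checks SEAL lists, scripts loading from unfamiliar hosts and obfuscated JavaScript, can be turned into a quick audit of a served page. The Node.js script below is an added example written for this article, not code from SEAL or the React project; the page host, the allowlist, the heuristic thresholds and the sample HTML are all constructed assumptions.

```javascript
// Added example, not from SEAL or React: audit the <script> tags of a served
// page for unfamiliar hosts and obfuscation hints. The allowlist, thresholds
// and sample HTML below are constructed assumptions.
const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
const SRC_RE = /\bsrc\s*=\s*["']([^"']+)["']/i;

// Obfuscation heuristics for inline JavaScript: dynamic code execution,
// hex/unicode escape density, hex-style identifiers and very long lines.
function looksObfuscated(code) {
  const reasons = [];
  if (/\b(eval|Function|atob)\s*\(/.test(code)) reasons.push("dynamic-eval");
  const escapes = (code.match(/\\x[0-9a-f]{2}|\\u[0-9a-f]{4}/gi) || []).length;
  if (code.length > 0 && escapes / code.length > 0.02) reasons.push("escape-density");
  if (/_0x[0-9a-f]{4,}/i.test(code)) reasons.push("hex-identifiers");
  const longest = Math.max(0, ...code.split("\n").map((l) => l.length));
  if (longest > 500) reasons.push("long-line");
  return reasons;
}

// One finding per script tag that is either loaded from a host outside the
// allowlist or is inline and trips an obfuscation heuristic.
function auditScripts(html, allowedHosts, pageHost) {
  const findings = [];
  for (const [, attrs, body] of html.matchAll(SCRIPT_RE)) {
    const src = (attrs.match(SRC_RE) || [])[1];
    if (src) {
      let host = null; // relative URLs resolve against the page's own origin
      try { host = new URL(src, `https://${pageHost}/`).hostname; } catch (e) { /* stays null */ }
      if (host === null || !allowedHosts.includes(host)) {
        findings.push({ kind: "external", src, host, reasons: ["unknown-host"] });
      }
    } else {
      const reasons = looksObfuscated(body);
      if (reasons.length > 0) findings.push({ kind: "inline", reasons });
    }
  }
  return findings;
}

// Constructed sample page: a first-party bundle, a script from an unfamiliar
// host, a harmless inline config and an inline snippet with obfuscation hints.
const PAGE_HOST = "app.example.com";
const ALLOWED_HOSTS = ["app.example.com", "static.example.com"];
const SAMPLE_HTML = `<!doctype html><html><head>
<script src="/_next/static/chunks/main.js"></script>
<script src="https://cdn.example-unknown.net/w.js"></script>
<script>window.__APP_CONFIG__ = { chainId: 1 };</script>
<script>var _0x4f2a=["\\x61\\x62\\x63"];eval(atob("Y29uc29sZS5sb2coMSk="));</script>
</head><body></body></html>`;
console.log(JSON.stringify(auditScripts(SAMPLE_HTML, ALLOWED_HOSTS, PAGE_HOST), null, 2));
```

Run it against the HTML your server actually returns (not the source in the repo), since an injected drainer shows up in the served page; expect two findings for the sample: the unknown host and the obfuscated inline block.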

