A recently discovered security issue in React code has been exploited to inject harmful wallet-draining scripts onto cryptocurrency websites, according to Security Alliance (SEAL).
The flaw, labeled as CVE‑2025‑55182, enables unauthorized code execution and was made public by the React team on December 3. Developers using server-side components in React were urged to update their packages to protect websites that interact with crypto wallets.
This vulnerability was first detected by white-hat researcher Lachlan Davidson, who found that it could allow attackers to run malicious code in web applications without consent.
Did you know?
Subscribe – We publish new crypto explainer videos every week!
What is Cardano in Crypto? (Easily Explained!)
Security experts at SEAL noted that some threat groups have already injected wallet-draining software into web pages that appear trustworthy in the crypto space.
SEAL pointed out that websites showing unexpected phishing alerts or those newly flagged by browser warning systems might conceal suspicious wallet-draining code.
Operators should review their site’s public-facing scripts for any unfamiliar or disguised code, confirm that any wallet signature requests display verified transaction details, and scan their projects for vulnerabilities associated with CVE‑2025‑55182.
Fake permission prompts, known as “permit” signatures, are being used to mislead users into approving transactions that steal funds directly from wallets. These pop-ups may look legitimate, but they can quietly transfer money out of accounts if users approve them.
The React team clarified:
If your app does not use a framework, bundler, or bundler plugin that supports React Server Components, your app is not affected by this vulnerability.
Security firm Socket found that the Chrome add-on “Crypto Copilot” stole Solana
$60.05M
trades. How? Read the full story.
