
A serious software bug is putting crypto websites worldwide under pressure. Thousands of websites may be vulnerable. Through the flaw, attackers can in some cases take over entire servers, with potentially major consequences for users. Hackers can completely drain wallets without users immediately noticing. What exactly is going on?
Critical Vulnerability Hits Crypto Platforms
The problem is not in the blockchain itself, the technology behind cryptocurrencies. It lies in the technology used to build many websites. Many websites use a popular technology called React, which determines how a website looks and how buttons, forms, and wallets work. The vulnerability lies in React Server Components, a part of React that lets websites run certain functions on the server instead of in the browser. A security flaw in one of its components makes it possible for attackers to execute commands on a website’s server without logging in. With one special web request, they can break in, often without the owner noticing immediately.

The problem is officially recorded as CVE-2025-55182 and affects multiple recent versions of React and related systems like Next.js. In early December, the React maintainers made the problem public, and it was immediately marked as extremely dangerous. That was not without reason. Shortly after the announcement, researchers saw the flaw being exploited on a massive scale, not only by cybercriminals but also by allegedly state-backed hacking groups, who are often involved in large-scale attacks. According to researchers, the vulnerability is still being actively exploited.
Hackers Can Exploit Flaw to Steal Crypto
The Security Alliance, a group of ethical hackers, is also sounding the alarm. They see attackers increasingly using this flaw to place so-called crypto drainers on legitimate crypto websites. A crypto drainer is malicious code that empties visitors’ wallets as soon as they approve a transaction.

In practice, the flaw is abused in multiple ways. Attackers use it to install malicious software or create hidden backdoors, allowing servers to remain under their control for a long time. A common attack is installing cryptomining software, often focused on Monero. That software runs unnoticed in the background and consumes computing power and electricity. For the attackers, this yields money, while the website owner has to deal with slow performance and higher costs.

For crypto users, however, the greatest danger lies in what happens on the website itself. Many crypto platforms use React and Next.js for things like connecting wallets, signing transactions, and approving actions. If attackers take over a website through this flaw, they can add malicious code that manipulates wallet interactions. This can lead to transactions being intercepted or secretly redirected to the attacker’s address, even though the blockchain itself remains technically secure. Websites that have updated their React and Next.js installations are significantly less at risk.