Recently, there has been an increase in crypto drainers being uploaded to websites due to a vulnerability in the open-source JavaScript library React, as reported by the cybersecurity nonprofit Security Alliance (SEAL).
React is essential for building user interfaces, particularly in web applications. On December 3, the React team announced that a white hat hacker, Lachlan Davidson, discovered a security vulnerability that permitted unauthenticated remote code execution, enabling attackers to insert and execute their own code.
SEAL reports that malicious actors are exploiting the vulnerability, CVE-2025-55182, to covertly inject wallet-draining code into crypto websites.
“We are seeing a significant rise in drainers being uploaded to legitimate crypto sites through the exploitation of the recent React CVE. All websites must review their front-end code for any suspicious assets NOW,” stated the SEAL Team.
“The attack does not only target Web3 protocols! All websites are at risk. Users should be cautious when signing ANY permit signature.”
Wallet drainers often trick users into signing a transaction using methods such as deceptive pop-ups promising rewards or similar ploys.
Websites with phishing warnings should audit their code
According to the SEAL Team, affected websites may have been unexpectedly flagged as potential phishing risks. They advise website hosts to take measures to ensure there are no hidden drainers that could compromise user safety.
“Scan your host for CVE-2025-55182. Verify if your front-end code is loading assets from unknown sources. Check if any scripts loaded by your front-end code are obfuscated JavaScript. Ensure the wallet displays the correct recipient on the signature request,” they recommended.
Related: North Korean ‘fake Zoom’ crypto hacks are now a daily concern: SEAL
“If your project is being blocked, this may be the cause. Please review your code before requesting the removal of the phishing page warning,” added the SEAL Team.
A fix for the vulnerability has been released by React
On December 3, the React team released a fix for CVE-2025-55182 and urged anyone using react-server-dom-webpack, react-server-dom-parcel, or react-server-dom-turbopack to upgrade immediately to mitigate the vulnerability.
“If your app’s React code does not utilize a server, it is not affected by this vulnerability. Additionally, if your app does not employ a framework, bundler, or bundler plugin supporting React Server Components, it is also unaffected,” the team noted.
Magazine: Meet the onchain crypto detectives who are combating crime more effectively than law enforcement
