[Warning]React valnurability.

[satscraper]

Security Alliance warned about drainers that exploit React ^{tools used by developers to build their front-ends and apps} vulnerabilities to empty crypto wallets.

The most alarming issue is that drainers can be uploaded into legitimate crypto-related websites.

I know that Web3 wallets either already support or have started to add support for BTC. The latest example is MetaMask.

In my view, when dealing with crypto, the best practice is not to use Web3 wallets at all, because even if you have  hardware wallet connected to compromised sites, they can display fake transaction prompts, and you may sign them in hurry.

[ABCbits]

I guess some website doesn't have dedicated team to update their website quickly in case like this. Looking at https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components, it seems React developer release the update since December 3, 2025.

[Mia Chloe]

I guess some website doesn't have dedicated team to update their website quickly in case like this. Looking at https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components, it seems React developer release the update since December 3, 2025.

It makes sense that they've fixed it already. Basically, open source softwares really get a quick fix compared to closed source sometimes owing to the fact that the kinda have a bigger fix team since basically any fine user can notice issues like this and contact them or fix them on his own.

I believe those using any older versions will have to upgrade to the latest one. The only problem with this is sometimes they may not get aware on time.

[joniboini]

I believe expecting a day or two (or hours) of an update for a major security fix isn't a big demand, especially if your service is used by many. Judging from what I read, though, there's no perfect way to protect ourselves from a major exploit like this. Keeping up to date with the latest security news is a must.

[NotATether]

And that's why folks you must never use NodeJS for developing crypto projects.

I used to write crypto tools in languages such as Python. However, I don't really do that anymore as old, boring languages such as PHP are still very much robust and hardened from the majority of these CVEs.