[Hackers Exploit React JavaScript Library Vulnerability to Deploy Cryptocurrency Wallet Fund-Stealing Programs] Hackers have exploited a vulnerability in the React JavaScript library to inject code into websites that steals funds from cryptocurrency wallets, primarily targeting cryptocurrency platforms. On December 3, the React team released a patch for the CVE-2025-55182 vulnerability, which allows unauthenticated code to execute on remote computers. The team recommends that all affected modules be upgraded immediately. The cybersecurity NGO Security Alliance (SEAL) has noted a significant increase in such attacks targeting well-known cryptocurrency websites. Attackers use this vulnerability to upload malicious 'fund stealers,' tricking users into approving fraudulent transactions by mimicking legitimate pop-ups or reward claim messages on well-known domains.