Highlights:
- SEAL warns crypto websites are at risk due to React vulnerability exploitation.
- Wallet drainers trick users through fake pop-ups and phishing signature requests daily.
- SEAL alerts that North Korean hackers are stealing millions via fake Zoom calls.
Cybersecurity group Security Alliance (SEAL) says more crypto drainers are appearing on websites. This is due to a flaw in the JavaScript library React. The flaw, CVE-2025-55182, allows attackers to run code without permission. They can also insert scripts that steal crypto wallets.
React, which is used to build web interfaces, stated on Dec. 3 that hacker Lachlan Davidson discovered the flaw. The vulnerability enables attackers to run code remotely without logging in. Hackers are now exploiting this weakness to target crypto websites and steal users’ wallets. SEAL warned that these attacks are serious. They advised that all websites should review their code for suspicious files immediately.
Websites at Risk from Hidden Wallet Drainers
The nonprofit said some websites marked as phishing targets might have been affected without a clear reason. They suggested that website owners check for CVE-2025-55182 and look at front-end scripts for hidden JavaScript or unknown files.
SEAL added that websites being blocked could have this issue. They advised reviewing code carefully before asking to remove phishing warnings. SEAL also stressed checking signature requests to make sure wallet recipients are correct. They explained that wallet drainers trick users into signing transactions using fake pop-ups or reward promises. SEAL warns that the attacks are not only on Web3 protocols. All websites could be at risk, and users should be careful when signing any permit signature.
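One way to carry out the front-end review SEAL recommends is to compare what is actually deployed against a hash manifest taken from a trusted build. The following is an added example, not code from SEAL or the React team; the function names, the manifest format and the sample site are assumptions made for illustration.

```javascript
// Added example: audit deployed front-end assets against a build-time manifest.
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');
// SHA-256 of a file; entries that cannot be read (e.g. dangling symlinks) get a marker.
function hashFile(file) {
  try { return crypto.createHash('sha256').update(fs.readFileSync(file)).digest('hex'); }
  catch (err) { return 'unreadable:' + err.code; }
}

// Recursively list every non-directory entry under root as a '/'-separated relative path.
function listFiles(root, dir = root, out = []) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) listFiles(root, full, out);
    else out.push(path.relative(root, full).split(path.sep).join('/'));
  }
  return out;
}

// Run on trusted build output (for example in CI) and store the result off the web server.
function buildManifest(root) {
  return Object.fromEntries(listFiles(root).map((rel) => [rel, hashFile(path.join(root, rel))]));
}

// Compare what is deployed with the manifest: unknown, modified and missing files.
function auditAssets(root, manifest) {
  const deployed = buildManifest(root);
  const report = { unknown: [], modified: [], missing: [] };
  for (const rel of Object.keys(deployed)) {
    if (!Object.hasOwn(manifest, rel)) report.unknown.push(rel);
    else if (manifest[rel] !== deployed[rel]) report.modified.push(rel);
  }
  for (const rel of Object.keys(manifest)) if (!Object.hasOwn(deployed, rel)) report.missing.push(rel);
  return report;
}

// Constructed sample: a tiny fake site, then an added script and a changed bundle.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'site-'));
  fs.mkdirSync(path.join(root, 'static'));
  fs.writeFileSync(path.join(root, 'index.html'), '<script src="static/app.js"></script>');
  fs.writeFileSync(path.join(root, 'static', 'app.js'), 'console.log("app");');
  const manifest = buildManifest(root);
  fs.writeFileSync(path.join(root, 'static', 'vendor.min.js'), '/* not in the build */');
  fs.appendFileSync(path.join(root, 'static', 'app.js'), '\n/* appended after deploy */');
  return auditAssets(root, manifest);
}
```

Any entry under `unknown` or `modified` is a file to inspect by hand before requesting removal of a phishing warning; the manifest is only trustworthy if it was produced before the server could have been tampered with.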
Crypto Drainers using React CVE-2025-55182
We are observing a big uptick in drainers uploaded to legitimate (crypto) websites through exploitation of the recent React CVE.
All websites should review front-end code for any suspicious assets NOW.
— Security Alliance (@_SEAL_Org) December 13, 2025
React released a patch on Dec. 3 to fix the security flaw. The team told users of react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack to update immediately to close the vulnerability. The React team said apps that do not use a server remain unaffected. They also said apps that do not use a framework, bundler, or plugin for React Server Components are safe. The patch is meant to stop attackers from adding wallet-draining code to websites. It helps protect users from losing money in unauthorized transactions.
North Korean Hackers Target Users with Fake Zoom Calls
SEAL also warned that North Korean hackers are running multiple scams every day using fake Zoom meetings. In fact, security researcher Taylor Monahan said these scams have already stolen more than $300 million from victims by tricking them into downloading malware.
According to Monahan, the scam usually begins with a message from a Telegram account that the victim knows. Attackers invite users to a Zoom call, making them believe it is a real conversation with friends or colleagues. She added that attackers often share a link before the call and mask it to look genuine.
On the call, victims may see the person and some of their partners or colleagues. Monahan explained that these videos are not deepfakes, as some reports claimed. Instead, they are real recordings taken from hacked sources or publicly available content, such as podcasts.
🚨 WARNING (AGAIN)
DPRK threat actors are still rekting way too many of you via their fake Zoom / fake Teams meets.
They're taking over your Telegrams -> using them to rekt all your friends.
They've stolen over $300m via this method already.
Read this. Stop the cycle. 🙏 pic.twitter.com/tJTo9lkq0v
— Tay 💖 (@tayvano_) December 13, 2025