"Same attack as described here: https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s... … it's scripts hosted in a S3-bucket without proper access controls"
Edit. Also see https://scotthelme.co.uk/protect-site-from-cyrptojacking-csp...