Hackers Used Ontario Government and CAMH Websites to Mine Cryptocurrency

Visitors to thousands of websites—including UK and US government sites—were forced to unknowingly mine cryptocurrency over the weekend after hackers compromised a popular browser plugin called Browsealoud, and rejigged it to hijack site visitors’ computer power.

Among the affected sites, which included the UK’s information commissioner and uscourts.gov, were some prominent Canadian URLs. According to a list of sites running the Browsealoud plugin, which offers accessibility and translation services, the websites for the Information and Privacy Commissioner of Ontario, the Ontario Trillium Foundation, and the Centre for Addiction and Mental Health (CAMH) were compromised.

Read More: Cryptocurrency Mining Hack That Compromised Thousands of Sites ‘Could Have Been a Catastrophe’

According to a blog post by Texthelp, the company behind Browsealoud, the exploit was live for four hours on Sunday before the service was taken offline completely to stop the attack, and will remain offline until Tuesday. Crucially, the company noted that no customer data was lost—and even though the hackers could have done anything they wanted with site visitors’ computers, they chose to mine cryptocurrency.

“We can’t comment on this because it’s a third party plugin we used on our website, but we’ve been in touch with our contact at Texthelp,” said Cynthia McQueen, a spokesperson for Ontario Trillium Foundation, a government funding agency, over the phone. “We know for sure that no customer data was accessed or lost, and that [the script] is currently not on our website.”

Technical experts from CAMH, Canada’s largest mental health and addictions hospital located in downtown Toronto, were unavailable to comment. However, a spokesperson noted that investigators have found no evidence of data being lost or compromised. Spokespeople for the Information and Privacy Commissioner of Ontario were not immediately available to comment.

This attack, which secretly embeds a legitimate cryptocurrency mining script called Coinhive in websites, is the largest yet in a growing trend as criminals cash in on the rising values of digital currencies. On Sunday, the UK’s National Cyber Security Centre announced that it is investigating the hack and that there is likely no further risk to the public.

Surreptitious cryptocurrency mining is a rising global trend in cybercrime. Mining scripts like the one used in Sunday’s hack, Coinhive, can be used legitimately but also provide an easy way for hackers to deliver mining code. Cryptocurrency mining demands a lot from computers and can slow down visitors’ machines. Last year, hackers delivered Coinhive mining code to Starbucks customers via an Argentine internet service provider.

For Canadians, a dubious trend has finally hit home.

Get six of our favorite Motherboard stories every day by signing up for our newsletter .