Yesterday an account with elevated privileges was used to add a bitcoin data miner into the site. The javascript uses CPU time on the client box to "Mine Coins". The offending user was notified and they changed their password. As a precaution the user has had their privileges revoked. I have no indication if the account was hacked or not, so I'm not making any accusations against the user.
The javascript was on the server for just a few hours, and is not considered data destructive. Obviously, it has been removed. Here's an article on what the javascript does.:
https://www.wired.com/story/cryptoja...ining-browser/