Recently, the Slow Mist Security Team has captured several third-party js pirate attacks against digital currency exchanges. The web front end of the digital currency exchange is used to directly embed third-party js links to implement convenient statistics, customer service and other functions. If these statistics and the customer service platform itself are invaded, the attacker can directly harm the digital currency by embedding malicious code in the js file. The security of the exchange user's funds, the consequence is that the user loses money. The third-party services that are currently known to be at risk are: easemob.com, etc. More risky third-party services are still being analyzed.