Government websites in the UK and US, including those belonging to the data regulator and the Student Loans Company, have been secretly commandeered by hackers to mine bitcoin.
The website of the Information Commissioner's Office was among several to be taken offline after a security researcher discovered that malware was being used to illegally mine cryptocurrencies.
Read more: Bitcoin is yo-yoing
The National Cyber Security Centre (NCSC) said it was investigating the incident.
"NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency. The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely," said a spokesperson.
They addend: “At this stage there is nothing to suggest that members of the public are at risk.”
The rogue code was added by criminals to texthelp, which is used to make websites readable for those who struggle with literacy, according to researcher Scott Helme. The technology is used by many websites, including those belonging to the US Courts, the General Medical Council, and some local councils.
"If you want to load a crypto miner on 1,000-plus websites you don't attack 1,000-plus websites, you attack the one website that they all load content from," said Helme.
The code adds a script to web pages that uses a computer's processing power to mine cryptocurrency when people browse the site. The Coinhive miner was developed for people to monetise websites as an alternative to having advertising, but it is increasingly being added to websites maliciously.
Hackers targeted a Starbucks in Argentina last year in what's sometimes referred to as a cryptojacking, using the miner to hijack its free wi-fi so that bitcoin was mined whenever someone browsed the internet.
Mining bitcoin and other cryptocurrencies requires a large amount of power.
Texthelp said the files that had been tampered with had been removed on Sunday.
"The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers CPUs to attempt to generate cryptocurrency," said its technology chief and data security officer Martin McKay.