Attackers inject malicious scripts to hacked websites to get to the funds of the users e.g. by manipulating transactions or redirecting them to a malicious website. An example of an attack via injected script within the cryptocurrency space can be found in the Badger DAO hack.
Using a service users/investors should check the transaction address everytime since attackers could inject a script (or attack the smart contract) and divert coins/tokens to their addresses.
