I seriously don't understand how this is possible. This shows that third party scripts are a huge risk, why aren't they monitored more closely, that's the question.
seems similar to the known vulnerability for url shortener https://www.helpnetsecurity.com/2018/05/23/url-shortener-cryptojacking/ https://safecomputing.umich.edu/be-aware/phishing-and-suspicious-email/shortened-url-security