Third Party javascript loaded in the exchange front-end !? (me nitpicking)

I see the exchange.nash.io domain is loading resources in control of Cloudflare.
It is loading https://ajax.cloudflare.com/cdn-cgi/scripts/cb7744ae/cloudflare-static/rocket-loader.min.js

I’m just wondering if it would be a good idea to serve the front-end via Cloudflare. In my understanding Cloudflare can also be used to inject all sorts of other code to the browser. (using CF apps)

The reason for my concern is the story of StatCounter and Gate.io. In this case StatCounter got hacked and the javascriptcode modified to steal funds from gate.io users during withdrawal. https://www.zdnet.com/article/hackers-breach-statcounter-to-hijack-bitcoin-transactions-on-gate-io-exchange/

Using Cloudflare myself I consider it safe, but is is safe enough for Nash exchange ?

3 Likes

@canesin

2 Likes