Late past year the first tales of cryptojacking came to light where sites secretly run mining scripts to make cash from visitor CPU time.
"If you want to load a crypto miner on 1,000-plus websites you don't attack 1,000-plus websites, you attack the one website that they all load content from", said Helme.
TextHelp, which runs the Browsealoud service, is believed to have enacted its cyber-attack action plan after the incident, and is now consulting with an independent agency about a review of its security.
Browsealoud will remain offline until 12 pm on Tuesday.
"We don't know how Texthelp were compromised yet, so it is hard to say whether they were really unlucky or there was some kind of inherent problem with what they were doing".
Back in September 2017, popular magnet and torrent website thepiratebay.se (TPB) was discovered to be testing a new way to generate revenue that hijacked its visitors' CPU cycles to mine cryptocurrency.
The illicit cryptocurrency mining, known as cryptojacking, took place on more than 4,200 websites on February 11, using a malicious version of a tool called Browsealoud.
However, malware which installs such mining software without consent is fraudulent and can slow down visitor systems when legitimate websites are serving up mining scripts.
Texthelp said in a statement that the compromised plugin has been taken offline, adding that a "thorough investigation" is underway.
On Monday morning, Texthelp took the Browsealoud plug-in offline, which meant that new visitors to the affected sites would no longer load the crypto-jacking script. The Queensland government's legislation website, the Queensland Civil and Administrative Tribunal and the Victorian Parliament were reportedly affected.
A spokesperson from the NCSC said it is "examining data involving incidents of malware being used to illegally mine cryptocurrency". Notably, though, they said that "there is nothing to suggest that members of the public are at risk" at this stage.