Etherscan went on to dispel any fear, uncertainty, and doubt about Disqus, asserting that the comments were encoded, but the APIs were not.
When asked if funds would be safe, Etherscan replied, "Yes, funds are safe. We will post a more detailed follow-up later." A Disqus developer suggested that "message" should be used in the code rather than "raw_message." The block explorer's admin said it would "implement the suggestion."
However, another Redditor suggested the attack was a precursor to something potentially more malicious, stating:
"Often in penetration testing you would do small tests that could look more like errors or vandalism but you're still finding holes poked in the frame. One of those holes might open up to something much more important than just creating a popup."
Based on this insight, the injected code could have been an early attempt at a phishing scam, such as one meant to obtain users' private keys.