Yeah, I believe that only small group of high rollers were targeted or at least users whose IDs where published on leaderboard of daily jackpot, monthly wagering or referral contest.
And that's understandable - these accounts have active users and should have enough BTC balance to make a withdrawal.

Attackers managed to inject malicious script into a particular user's session (by a known ID).
In my case it was https://cashtravel.info/forum/main.js.
Now, they could change location of malicious script and even improve its code.

I saw that one of Legendary user became a victim of similar attack, so maybe now this issue will get a proper attention.