It seems to me the freebitco.in's backend works as it should but somebody found a way to inject a script on the front-end of the app and it manipulates the DOM and tricks you into doing the shit you shouldn't be doing.
Like: "You are hacked, send x amount of btc to this adress to get unhacked"
In reality, you weren't hacked at all. It is just what this script kiddie wants you to believe. Regardless of that, it should be handled asap.
Is it possible to solve this with manually putting some scripts in developers' console? Sorry if it's a dumb question, I am not a developer.
No you can't do anything like that and it looks like my assumption was half-true half-wrong, the attacker is able send withdrawal requests to the server according to codergeek.
...
I wonder if this script can send a withdrawal request or change the withdrawal address though. Since it has an access to the client side, it can do whatever it wants. (From your side)
Yes, it can do both. An unauthorised withdrawal was initiated on my account. And it was able to bypass my profile address.