i just found this news report. and another relevant article.
you probably already know ....

This means that if the wallet is used to make any transactions, instead of sending the cryptocurrency to the recipient, the hacker can steal the coins instead - an attack known as a phishing scam.

The hack was discovered by Ethereum Classic's core developers at 3am BST on Friday 30 June. The team immediately started warning users over Twitter to stop using the service, and eventually managed to get distributed denial of service (DDoS) prevention technology providers Cloudflare to place a phishing warning that will appear to anyone that tries to access the Classic Ether Wallet website.

Users are advised that all the cryptocurrency they have stored in their wallets is safe, as long as they do not visit the website and paste in their private key, or use it to make transactions. All addresses and keys that were created before Thursday 29 June are also safe, it is just unsafe to use the website at present.

Ethereum Classic has confirmed that the back-up site located on GitHub is working and is safe to use. Users are advised to make transactions using another service called My Ether Wallet, and connect it to the ETC node.