The popular Ethereum Classic Wallet has been compromised by a social engineering hack. The attack vector was made by a hacker who called the wallet's web host in Germany and managed to convince them he was the website owner - it is not clear how this occurred. The hacker then changed the domain to point to a web server he owns and can therefore receive their transactions.
The news is developing, more info will be available soon
source: cryptocompare.com