More details emerged about the MyDashWallet.org hack
*** Please do NOT use the wallet until further notice! ***
Read more about this hack here:
https://www.dash.org/forum/threads/mydashwallet-org-compromised.46778/
Mydashwallet.org is an online wallet developed and maintained by DeltaEngine, an independent developer. It has no relation with the official wallets maintained
by the Dash Core Group development team, which are unaffected by the compromise described below.
Today it was discovered that mydashwallet.org was compromised. The hacker was able to obtain private keys used between May 13th and July 12th. Out of an abundance of caution,
anyone using mydashwallet.org in that timeframe should assume their private keys are known by the hacker and should immediately move any balances out of that wallet.
Based on our understanding, people who used mydashwallet.org in conjunction with a hardware wallet or with associated tipbots are not affected. We also don’t believe that the
vulnerability affects other third-party wallets.
Dash Core Group is assisting the developer to resolve this issue and collecting relevant information to provide to law enforcement. For any users affected, please use this forum post
to share and provide any helpful information you want to share, and visit mydashwallet.org for updates.
1) In April 2018, MyDashWallet was modified to load an external script from the script hosting website GreasyFork. While not abnormal, this is not considered a secure practice, particularly
since the reference loaded the latest version of the script, rather than a specific version. On May 13 2019, a hacker compromised the GreasyFork account of the original author of the script,
Jixun Moe, and added code to send users' private keys to an external server. This change was detected on July 12 2019 when the hacker used the private keys to move user funds.
MyDashWallet is not maintained by Dash Core Group, and at no time was the Dash network itself compromised.
2) The hack itself was only active for two months before being detected. The insecure coding practice implemented by MyDashWallet went undetected for over a year due to insufficient review
of code by third parties. In the future, all code handling private keys should be reviewed thoroughly before being trusted with user funds. In particular, the use of local keystore files should be
discouraged in favour of hardware wallets, similar to best practices implemented by MyEtherWallet.
3) Dash is an open protocol built on open source software. As such, anyone is free to implement wallets or other software interacting with the Dash network. All software released by Dash Core Group
is both open source and subjected to stringent quality testing prior to release. Third party software should be reviewed carefully before use, with preference given to open source software where the
code is available.
tx @strophy
Credits : Tungi17
Source : https://bitcointalksearch.org/topic/m.51803607
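Item 1 above describes a page that loads the latest version of a third-party script with no version or content pin. The following is an added example, not code from MyDashWallet or the original post: a Node.js sketch that lists cross-origin `<script>` tags and shows how a Subresource Integrity (SRI) pin changes what happens when the served file changes. The origins, script bodies and helper names are constructed for illustration, and the SRI check is simplified to SHA-384 only.

```javascript
// Added example, not MyDashWallet's code. Constructed sample data throughout.
const crypto = require('node:crypto');

// SRI value for a script body: "sha384-" + base64(SHA-384(body)).
function sriHash(body) {
  return 'sha384-' + crypto.createHash('sha384').update(body, 'utf8').digest('base64');
}

// Read one attribute value out of a tag's attribute string (quoted values only).
function attr(attrs, name) {
  const m = new RegExp('(?:^|\\s)' + name + '\\s*=\\s*["\']([^"\']+)["\']', 'i').exec(attrs);
  return m ? m[1] : null;
}

// One finding per <script src> that is fetched from another origin.
function auditScripts(html, pageOrigin) {
  const findings = [];
  for (const [, attrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = attr(attrs, 'src');
    if (!src) continue;                                   // inline script
    const url = new URL(src, pageOrigin);
    if (url.origin === pageOrigin) continue;              // first-party
    const integrity = attr(attrs, 'integrity');
    findings.push({ url: url.href, pinned: integrity !== null, integrity });
  }
  return findings;
}

// Simplified browser behaviour: with a pin, a body whose hash differs is refused.
function wouldExecute(finding, servedBody) {
  if (!finding.pinned) return true;                       // no pin: anything served runs
  return finding.integrity.split(/\s+/).includes(sriHash(servedBody));
}

// Constructed inputs: the reviewed script, and the same URL later serving new content.
const ORIGIN = 'https://wallet.example';
const REVIEWED = 'function fmt(a){return a.toFixed(8);}';
const CHANGED = REVIEWED + '/* upstream edit after review */';
const page = (extra) => '<script src="/app.js"></script>\n' +
  '<script src="https://scripts.example/lib/latest.js"' + extra + '></script>';

const unpinned = auditScripts(page(''), ORIGIN)[0];
const pinned = auditScripts(page(' integrity="' + sriHash(REVIEWED) + '" crossorigin="anonymous"'), ORIGIN)[0];
console.log(unpinned.url, 'pinned:', unpinned.pinned, 'changed body runs:', wouldExecute(unpinned, CHANGED));
console.log(pinned.url, 'pinned:', pinned.pinned, 'changed body runs:', wouldExecute(pinned, CHANGED));
```

An SRI pin only works for a URL whose content is meant to stay fixed, so it goes together with referencing a specific version of the script rather than the latest one.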