Key generator WalletGenerator.net had a potentially malicious vulnerability introduced in its code in August 2018, MyCrypto has written in a Medium post. The changes in the code, which differed from the one available on github, caused WalletGenerator.net to produce duplicate keys. Moreover, the generated keypairs might have been stored server-side.
Although the code has been since changed, the malicious add-ons could be potentially reintroduced. My Crypto has failed to determine who introduced the changes to the code. “In this strange turn of events, we still have no idea whether the current site owner is the malicious party, if the server is insecure, or both,” MyCrypto writes.
MyCrypto suggests anyone with a public/private key pair generated after Aug. 17, 2018, should move your funds to a new secure address.