@weavermount Urgh, yeah. Autodeposit isn't just dangerous for the person who has it on, making them vulnerable to this kind of thing. It also raises the risk for all users, because if someone has it turned on and then eg they're domain squatting, or a sender just mistypes the address they want...