Oof curious to see what it is, when I've tried this service before they required confirmations on both sides so it seems they wouldn't be vulnerable to the obvious attacks