Feature: Warn on attempt to send Ether/Tokens to known-insecure accounts on Mainnet

[benjamincburns]

When the Truffle team launched Truffle Develop, we thought it'd be fun to use an extra sweet, chocolatey mnemonic (candy maple cake sugar pudding cream honey rich smooth crumble sweet treat). It showcased well in the docs, made things nice and repeatable, and gave us subliminal warm fuzzy feelings. These were all expected results.

There were, however, some rather unexpected results. You see, 0x627306090abaB3A6e1400e9345bC60c78a8BEf57 is the first account produced by that mnemonic.

Initially I thought "oh, we should be nice people and write a refund bot," but I think that's catching it too late. Instead, it'd be nice if there were a mechanism which warned when users attempted to send Ether/Tokens to known-insecure accounts on Mainnet.

[danfinlay]

The difficult task here is curating a list of known insecure accounts. We could easily implement this with a good curation method.

[tcoulter]

Note: removed a previous suggestion about adding private keys here. Even if we do find a way to curate, we likely don't want to publicly list private keys/mnemonics as it adds further security risks.

[deviant32]

I just lost 1 Eth to this. I was using the wallet metamask generated for me using the following wallet id: 0x627306090abaB3A6e1400e9345bC60c78a8BEf57 I sent my eth to this account and it transferred .2 to another address using .78 transaction fee.

[kapsteur]

Another case of stolen ETH due to insecure account : https://www.reddit.com/r/ethtrader/comments/7qily1/my_eth_disappeared_from_my_metamask_account/

[danfinlay]

One easy permanent fix for this problem would be for truffle/ganache to not use the same seed phrase for every user of the application. @tcoulter?

[bdresser]

Closing due to inactivity - if this is still relevant, feel free to open a new issue.