Yeah, that's why I said assuming it was taken from a phished account. But you're right, a vendor could do this on top of the traditional exit scam, and in that case, it could be much worse if they collect hundreds of addresses over a long time period.