While true, this is also an eye opening event of how much worse it could be if it was more generic and not limited to crypto wallet addresses.

Seems like exchanges should have a confirmation screen that shows the destination addresses from XHR requests before processing, though I suppose the malicious script could just change the DOM showing the address you entered instead of the modified address it injected.