Someone lost $68M (1155 WBTC) three hours ago from an address poisoning scam by mistakenly copying the wrong address. 

Theft transaction 
0x3374abc5a9c766ba709651399b6e6162de97ca986abc23f423a9d893c8f5f570

Victim
0x1E227979f0b5BC691a70DEAed2e0F39a6F538FD5

How do you think this gets done by the hacker?

Scammer sends a very small amount of tokens to the victim from a wallet with an address whose first three hexes after 0x are identical

Unsuspecting victim copies the address from their transaction history not realizing it’s not the habitual address they send to

Victim proceeds to transfer to the scammer’s address