If I can suggest a simple work around to avoid this kind of theft, I can suggest a easy virtual machine installation
I use it for my home banking and Crypto transfers.
An USB, 128gb or more to get acceptable performance
All the address saved in the task bar to avoid fake site found by googling
Linux lubuntu, a lighted and fast version of Linux.
When I need to use home baking or Crypto wallet I use this USB. I called it bank box.
Not sure at 100, but for sure more Than home pc.
If I'm forced to use it from my home pc, I usually check the first and last 3 or for address chars.
I also used a virtual machine for some time and it was with lubuntu too.
But still, this method, although safer, also has drawbacks if a trojan settles on the main computer.
Therefore, over time, I moved to an old dedicated laptop.
I hope did you turn off access to the host clipboard in the guest isolation settings?
I also think that 3+3 characters is not enough. It is possible to do hijacker that will pick up a larger number of characters.