Does anyone else find the SegWit bech32 (bc1...) addresses harder to verify visually? I don't know if it's the long prefix or the all lowercase format but it's just so unwieldy.
Bech32 is longer, but IMO it should be easier to verify since it uses less character (only 32 character) and all of them either lower character/number which is easier to see the difference
I also think that 3+3 characters is not enough. It is possible to do hijacker that will pick up a larger number of characters.
Unless the malware prepare list of address in advance, i doubt the malware can create address with 3 + 3 characters on short interval between Ctrl-C and Ctrl-V.