Wallet poisoning attack only happen on crypto multi wallets, anyone is free to correct me if I am wrong, I've never seen where fake Bitcoin is been sent to any Bitcoin wallet before, it's always those useless tokens and shit coins.
The software or hardware wallet isn't the main issue here. Poisoning scams usually happen on blockchains that have cheap transaction fees. Those include Polygon, Binance Smart Chain, Ethereum and its L2s, Tron, etc. These networks also allow zero or near-zero transactions. Bitcoin has dust limits and transaction fees are somewhat higher. I guess it's also more difficult and time-consuming to generate vanity addresses that resemble those of the target victims as much as possible.
Those are some of the reasons you don't see this scheme on the Bitcoin blockchain. It's not because of single-coin or multi-coin wallets. The idea is to get the wrong address at the top of the victim's transaction history so they will copy it and send crypto to it.
Aren't hardware wallets exposed too once they're connected to the internet? I'm thinking we can't check sender's address if a wallet isn't connected to the internet, right?
A hardware wallet doesn't need internet connection to generate addresses. Airgapped hardware wallets like Passport, Jade, Seedsigner, etc. work completely offline. The signing takes place offline but the broadcasting of transactions is done via a hot wallet. The software on the internet-connected computer might be affected by a virus but not what is displayed on the screen of your hardware wallet. That's why people verify the information on screen to what the software wallet shows before broadcasting.