I can see that many participants in the Rainbet campaign made requests for their payment addresses to be changed.
So, I guess those are the ones OP is talking about and who are using custodial addresses to receive their payments and who got affected by this false positive flag. Is that correct, OP?

I believe mempool.space and the involved exchanges should improve their blockchain analysis algorithms, as the two addresses in question don’t look too similar (only the first and last two characters are identical). The chances for this to happen are small but it doesn’t look intentional, especially since the received amount isn’t that small. In a poisoning attack, the attacker would usually send a dust amount.