And I always wonder if something like that is possible
A couple of years ago, I read about Man In The Middle Attacks by Tor exit nodes. I think they had to remove or replace https-encryption, after which they could replace Bitcoin addresses for their own.
Maybe if they managed to install a remote access trojan on the user's computer, they would gain full access and be able to completely manipulate such things.
Or just a malicious browser that replaces crypto addresses.
I think the only way we can protect ourselves from such a scenario is to use air-gapped wallets and separate computers for cryptocurrencies. If hackers don't have access to our devices, then they can't do anything to us.
If you're depositing to an online service, you still need to get their address. A Letter of Guarantee could work, as long as you have their signing address from a previous visit. But I don't think any CEX (or casino) offers that. For some reason depositing is completely trust-based: if they'd say the address you found on their website isn't yours, you can't prove anything.