Seems like it was a sophisticated address-swap attack (mirroring the first 4 and last 4 characters of the victim's intended address).

This sort of thing is possible on Bitcoin also, although I think here the attacker exploited some mEth magic to acquire the address in the first place. Many more vulnerabilities in wallet software to take advantage of.