maybe you could describe how the attacker tries many times and what he does to get different outcomes cause that's the part that's unclear to me in your explanation.
Simple, he just constructs different blocks of different transactions
sending coins to himself. Different addresses, different
amounts, different timestamps, whatever.
Not only can he try endless combinations for each block in
order to make sure he meets the requirements to forge
that block, he can build as many blocks in a row as he
wants.
Moreover, if he builds a good attack chain and it wasn't
accepted, he can (a block later, or at any time) start
over and try the whole process again.
FYI, there is some guy named Bittrix who is demonstrating
successful attacks on PoS coins, so its no longer just
theoretical.
https://bitcointalk.org/index.php?topic=686403.msg10169983#msg10169983