This attack is known for years, just the first link from google: https://bitcointalk.org/index.php?topic=1019320.0
It's not easy to carry it out though.
Imagine you bought a key k1. In order to keep it's balance, the latest point where you can start building you fork is right before the key was emptied. Now you can buy another empty (on the main chain) key k2, but what state the key k2 is on your fork? Your history is different (on your branch you must exclude all transactions that depend on transaction that spends k1), maybe k2 was never funded on your fork, if it was, OK you buy it, but your history inevitably drifts away from the main history more and more and it becomes more and more difficult to find suitable keys from the main chain to buy.
Also I can't agree, that setting a limit on the reorg depth doesn't help. In the case of such a major attack node owners will have to manually choose what branch they want to stay on, and likely it will be easy to see which branch is a legit one.