This attack is known for years, just the first link from google:
https://bitcointalk.org/index.php?topic=1019320.0It's not easy to carry it out though.
Imagine you bought a key k1. In order to keep it's balance, the latest point where you can start building you fork is right before the key was emptied.
Now you can buy another empty (on the main chain) key k2, but what state the key k2 is on your fork? Your history is different, maybe k2 was never
The attacker buys all keys at once, or very close together as stated in the description.
Also I can't agree, that setting a limit on the reorg depth doesn't help. In the case of such a major attack node owners will have to manually choose what branch they want to stay on, and likely it will be easy to see which branch is a legit one.
How can they be sure which branch is legitimate? If the re-org depth is very small, it will be indistinguishable from a regular re-org. In any case, such manual intervention is equivalent to centralised control, and we're back to the same conclusion again.