As others have pointed out, this would not have stopped the current attack.

Your strategy sounds reasonable.

However, I don't believe it will work. Not because one dollar is that much money, but simply having to make a transaction in the first place is enough of a barrier — it's just not worth it. So most open source won't do it and the result will be that if you are requiring your software to have this validation, you will lose out on all the benefits.

It's kind of funny because most of the companies that would use the extra-secure software should reasonably be happy to pay for it, but I don't believe they will be able to.