alt Hacker NewsYou could implement FingerprintJS [1] or even implement email or phone verification before allowing purchases for unverified PayPal accounts or implement some transaction frequencies per IP address. With FingerprintJS, it can basically create a unique ID per user and mitigate the behavior you are seeing and block them or add in additional countermeasures like 2FA.
Unfortunately this won't help much.
Each transaction will be unique, with a different device, different ASN, and different IP. If you find my post above, it links to an article which explains the whatfor and how this is going on.