Yeah, introducing real world friction is seemingly one of the only ways of actually solving the problems of frictionless digital systems (apart from computational disenfranchisement, of course).
It might be a better idea to frame your idea in terms of online interactive proofs rather than offline bearer tokens. It's of course a lot less private/convenient to have to bring a phone or other cell-modem enabled device to the vending machine, especially for the average person who won't exercise good digital hygiene. Still, some sort of high-latency challenge-proof protocol is likely the way to go, because bearer tokens still seem too frictionless.
For example (3) could be mitigated with an intermediary marketplace that facilitated transactions with escrow. If tokens were worth say $2, then even just getting 10 at a time to sell could be worth it for the right kind of person. And personally I'd just get 10 tokens myself simply to avoid having to go back to the machine as much. In fact the optimal strategy for regular power users might be to get as many tokens as you think you might need to use (even if you have to pay for them), and then when they near expiration time you sell them to recoup your time/cost/whatever.
My concern with some "bring your phone and use it immediately" scheme is that someone could pierce the privacy by looking at a correlation between the time an account was mode or a pattern of network-traffic occurred, versus the time someone was using/near the vending machine.
Adding large and unpredictable amounts of latency makes that kind of correlation weaker and hopefully impractical.