
You understand the technology.

The average person does not.

The coffee maker can be programmed to tell the user they have to pay or XYZ will happen.

Some will believe them and pay.




The set of people who have that specific coffee machine is pretty small. The set of people who have that specific machine, will be able to send you the money without calling someone more competent first, yet are not smart enough to unplug it, is simply not worth the criminal's time.

What would you make "XYZ" to convince a reasonable number of users to pay you, instead of unplugging the machine and optionally removing it from their house through the nearest window?


I suppose this PoC shows how bad it can be, and you should ask, would a machine from a "major manufacturer" be any better, or how high do you think the chances are that the product manager from that major manufacturer would just look for the cheapest vendor offering IoT, and would be fooled by the sales people saying "Oh yeah, our software is very secure!" (they'll tell him this lie over the Zoom meeting that has "end to end encryption"...).

And showing the face of the devil and saying "Gimme money" is an obvious PoC. In 5 years the error message will be "Problem 0xDF. Please contact support at [scammer's number]". And then? Sending a fake repairman with a hefty bill would take too much time, how about a remote "repair" and a repair bill?

"We can send someone out to repair it, but that'll take 2 weeks. Or we can do it over the Internet in 5 minutes, but it will cost $10, which would you prefer?"


So now the criminal earned $10 each, from maybe 10% of the device owners that they managed to hit.

Balance that with the cost of developing the attack, the software, the phone scripts, the infrastructure for handling the calls and money collection, ...

Also, how would the attacker collect payment? Bitcoin/gift cards break the conversion rate, and credit card will get killed by chargebacks once the attack becomes well known.


Yes, but HN is not for technically naive people. Thus a populist headline style isn't helpful to HN readers.


I just bought a Keurig and there is no screen to display such a message, so the set of people this would theoretically affect is even smaller than the initial thought experiment...


With Keurig the ransom is paid by the coffee pod manufacturers.

https://en.wikipedia.org/wiki/Keurig#Legal_and_media_issues



