It sounds like it would be non-trivial to identify the perpetrator:
Referenced in that article is another story about a proposed NYC law to make it punishable by up to $1000 to this kind of thing. As far as I can tell it hasn’t made it out of committee. But I think it is on Apple to fix this problem. Perhaps they could update the feature to include the sender’s phone number or iCloud account name, or provide an option for the sender to include that information and an option for people to only accept AirDrops from people who have enabled sender identification. So you’d have the options to receive from “Contacts Only”, “Identified Senders” and “Anonymous”. You’d still be open to getting harassing images, but a quick screen shot or other log would leave an easily identified trail. And rather than some kind of fine or jail time, the punishment could be disabling your phone for a period of time or disabling all features except the phone app so as to not impose an undue hardship.