Even if you have a perfect mechanism, 17 years old can create real age-verified accounts and then sell the username and password afterwards. Selling age-verification tokens directly would likely be harder than just swapping those login details, since it's very easy to make the tokens time-limited (in practice normal use would probably be some kind of oauth-style redirect flow, so they'd really only have to be valid for a few seconds).

This same argument applies to adults buying alcohol for teenagers too. The determined teenager with money can definitely find a way to get alcohol, but it doesn't mean the age restrictions on purchases are pointless.

Imo it's a bit pointless to worry about high-speed black markets trading in signed tokens when the current most common alternative is a popup with an "I promise I am over 18" button. If society agrees some things should be difficult to access if you're underage, then we can definitely do better than that as a solution.