Is any existing hash algorithm strong enough?
Yes; actually, any cryptographically secure hash algorithm (such as SHA-2, SHA-3, Blake2) would be plenty strong enough.
To emphasize this, let me point out that MD5 is strong enough. Now, MD5 is considered quite weak (and no one here would endorse its use); however even with its known weaknesses, it is still strong enough against this specific attack.
MD5 has a 128 bit output (contrasted with the cryptographical hash functions we use in practice, which have much larger outputs). In addition, there are known ways to generate "collisions", that is, pairs of inputs that MD5-hash to the same value. However, those methods assume that the attack has control over both inputs - in this case, the valid publisher generates the valid image and the attacker cannot alter what the publisher signs, and so the collision weakness of MD5 does not apply. MD5 has no known weaknesses to 'second preimage' attacks, or to a 'multitarget second preimage' attack (which is exactly what this is), and so the only approach the attacker has is the hash various inputs until he finds a match.
Now, we assume that there are $60,000 \approx 2^{16}$ valid signatures; if the attacker hashes a guess, that has about a $2^{-128+16} = 2^{-112}$ probability of hashing to one of the targets. In other words, to get a one-in-a-thousand chance at finding an image that hashes to one of the targets, he would need to hash about $2^{102}$ images.
Now, it is estimated that the global bitcoin mining industry evaluates about $2^{68}$ hashes per second (actually, a bit less); that means that if the attack would be able to devote all that processing [1] to attacking your system, they would need to go at it for about $2^{34}$ seconds (or about 500 years) to get up to that 1-in-a-thousand chance.
If you swap out MD5 with a real crypto hash, that 500 years turns into 'heat death of the universe' type of timeframe.
[1]: Of course, the current bitcoin mining infrastructure is built around SHA-256 - I'll ignore that detail.
