A smart attacker wouldn't create trillions of bitcoin, they would create a steady trickle of bitcoin indistinguishable from a medium-sized private mining operation that is too small to be noticed for a good while but large enough to make the attacker very very rich. It won't be noticed for months or even years and you cannot erase years of history. There will be no fix, only damage control.
That said, SHA-2 being broken is not very high up on my list of cryptocurrency failure modes if only because there are much more immediate concerns... and I suspect most other people implicitly feel the same way.
That not how bitcoins are created. You don't just make a few extra. The block reward is fixed, if someone made a block with more than the block award it'd be rejected by the network.
No need to create net new coins, if you can crack SHA you can start moving around somebody else's existing bitcoins. Choose your target carefully (lots of dormant and/or hacked BTC out there) and nobody will twig on for a long, long time.
The transference of Bitcoin still relies on digital signatures so the only way to forge transfers would be if ECC (or bitcoin’s implementation of ECC) was broken).
You are agreeing with me. An attacker that has broken sha-2 would pretend to be a miner, not mint trillions of bitcoin (which is not possible as you say).
That said, SHA-2 being broken is not very high up on my list of cryptocurrency failure modes if only because there are much more immediate concerns... and I suspect most other people implicitly feel the same way.