It really depends on the attack vector. If our naughty actor is exploiting some leaked/compromised npm credentials (by far the most common way these attacks occur) to publish a malware-laden update, they absolutely can include the --provenance flag . . . however, the generated provenance is going to clearly show that this package was NOT generated from the original source repository. This isn't yet available in the current beta, but the registry will ultimately reject publish requests for packages if it sees that previous versions included a provenance statement but the new version either doesn't have provenance or has a provenance where the source repository is suddenly different.
An attack on the source repository itself is a whole other class of supply-chain attack that requires different defensive measures (branch protections, 2FA, etc) -- a provenance statement isn't going to do much for you here except maybe lead you back to the commit where the compromised code was initially introduced.