This issue is called image hotlinking.
Nginx can be configured in a variety of ways to protect you from it. Read it about it here:
http://www.htpcbeginner.com/image-hotlink-protection-nginx/
http://nginxlibrary.com/hotlink-protection/
http://nodotcom.org/nginx-image-hotlink-rewrite.html
Trouble in Nginx hotlink protection
As you are saying some 150K IPs hit it 500K times, that means about 3 times each. With that in mind, you can also add browser caching of such static jpeg files in the mix, to avoid 66% of the requests. Serving static files from a so-called cookieless domain saves another bit.
Another route to consider is banning IPs at the firewall level, for example with the help of Fail2Ban. If you ban each after the first download of that file, it saves you 66% of the requests. Because it never reaches your webserver, this saves a lot of resources. But this doesn't stop it at the source.
Referrer based hotlink protection is ideal, and when you keep a list of such referrers, you can ask them to stop hotlinking so the issue hopefully goes away after a while.