Not necessarily, because the issue here is that the website containing the address itself was altered. If an attacker can get access to the web server then HTTP public key pinning does nothing to protect you.
What would have worked, however, would have been to pin the ICO address to the blockchain in advance. Same concept.
What would have worked, however, would have been to pin the ICO address to the blockchain in advance. Same concept.