If they've been login attacks, would not be more likely that they were trying to steal BCHs from accounts with weak passwords (brute force attack) than actually DDoS?
Good question. Memo, do you throttle attempts and/or lockout accounts for bad logins? Of course not sure how they would know usernames as they are not public.
We have some throttling, but this was coming from lots of different IPs and wasn't targeting any specific accounts.
They could just try profile names as usernames. I would bet that in many profiles they are the same.
