Cloudflare as a business provides DDOS protection. If they kick out those who get ddos’s, what’s their value? (Sure, WAF etc. but you get the point).
Also, as much as casinos are ethically questionable, they are also business. Very regulated businesses even (while tech is kind of a Wild West).
And insurances provide monetary compensation until you become a common liability, too high to be covered by any sort of fee. DDOS protection is just the same. It’s only feasible if it happens rarely, like they usually happen. However if it’s a common occurrence it will just eat up the profits made by the fees and then some, which just is stupid to do in any case.
It’s not that they got DDoSed, it’s that unregulated off-shore gambling is illegal in many countries, so their IP addresses were getting blocked in these countries. The way CDNs like CloudFlare work is that many customers share the IP addresses, so they were getting other CloudFlare customers blocked as well.
CF wanted them to move to a “bring your own IP” plan so that their IP blocks wouldn’t affect other customers, and that came with the steep price tag.