Sharing some thoughts from our own experience fighting cryptominers and the negative externalities for CI companies and their users. I'd be curious to hear if any other services have been affected.
We have the same problem in Okteto. We've been investing a lot on building tech to prevent this (I gave a talk on this during the last eBPF community days -> https://www.youtube.com/watch?v=tplv3Hjjv2Q), but it's tough. We spend a LOT of resources fighting it.
Do you see yourself able to fully automate that process? The Falco -> slack notification -> manual ban doesn't sound like it will scale very well (but a nicer workaround than outright removing the free tier!).