That doesn't sound very plausible to me. Your theory is that there are criminal gangs sophisticated enough to create large DDOS attacks but so clueless that won't use a cheap virtual server and a VPN when setting up their public intake?
And even if it worked for Cloudflare, it's not like they're shutting down the DDOS services they're tracking. The services could still go out and attack non-Cloudflare customers. So even if you were right, it wouldn't be exculpatory.