This is just a run-of-the-mill DoS attack, with the astronomically unlikely jackpot of additionally invalidating a random unknown user's API key when you get a hit.
Astronomically is an understatement. If they made 1000 requests per second they might have a 1% chance of revoking a key before the heat death of the universe.
Cracking hashing requires large parallel processing, something you can't do if you're API limited.