Page DDoSed and used 60% of my daily requests quota

Cloudflare detected a DDoS attack on my Cloudflare Pages property. I assumed Cloudflare would have taken care of the attack and prevented abnormal usage of my daily requests quota, but it still took up over 60,000 requests. These were illegitimate requests, but I’m still being held accountable for them.

Why is this not already addressed?