I believe that only small group of high rollers were targeted or at least users whose IDs where published on leaderboard of daily jackpot, monthly wagering or referral contest.
I believe the vulnerability can't be exploited without a valid user ID and the attackers are definitely getting those IDs from the jackpot leader board. This explains why only a limited number of users were affected by this attack.
If freebitco.in team are aware of this ND didn't take any action, that's bad. If they aren't, that's even worse!
Hard to say, maybe in your case, at some point attackers managed to overwrite deposit address and make it fixed somewhere in website's html code.
The difference between your case and his is that he made a deposit while you didn't. Since you didn't make a deposit, the attacker probably decided to change his tactic by making you believe your account got banned.