Really? That sounds extremely shitty. As a customer of Vultr, it makes me a bit scared, but during the 5~ or something years I've used them, that never happened to me.
You'd be doing everyone a service by continuing to dig out a reason for why that happened, and if they don't provide it, lambast them over social media or something so they do provide some sort of justification.
It happened probably 6-7 months ago and worse yet, services I had downstream actually were sensitive to the geolocation of the caller. Fortunately I caught it quickly enough when someone I was working with tried to SSH into the host and couldn't.
Surely the account was being paid via cryptocurrency however it was already verified through the linking of an actual traditional credit card like they required.
You'd be doing everyone a service by continuing to dig out a reason for why that happened, and if they don't provide it, lambast them over social media or something so they do provide some sort of justification.