With the recent attack on WordPress sites, it struck me that if all logons were more expensive in CPU to the clients, and if this CPU burden was used to generate cryptocurrency, then whilst normal logon demands would not impact any one legitimate user, a distributed brute force attack would be slowed and would at the same time financially aid the attacked web sites. This would thus offset the economic cost to sites that are brute force attacked.
This is a very different strategy from plugins which mine visitors. A logon is a client-solicited request, whereas a mining plugin that mines visitors is unsolicited use of the client CPU.
Most human users of WordPress sites stay logged on through cookies, so a one-off load (which could be dynamically adjusted to only kick in inversely proportional to the attack rates) would not be noticed. An attacking client, though, would suddenly find that WordPress logons become ever more expensive in client-side CPU. The greater the attack rate, the more cryptocurrency mined for the benefit of the attacked web site.
This would not create a new opportunity for attackers as any attacker that has control of client machines would just mine crypto currency locally on the machine without all the hassle of attacking other machines.
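The rate-dependent logon cost described above, as an added example that is not part of the original post: a hashcash-style SHA-256 puzzle stands in for the mining work, and the difficulty rises with the failed-logon rate. The secret key, the bit bounds and all function names are assumptions made for the illustration.

```python
import hashlib, hmac, os, time
from itertools import count

SERVER_KEY = os.urandom(32)   # assumed per-site secret; persist it in a real deployment
BASE_BITS, MAX_BITS = 8, 22   # assumed bounds on the puzzle difficulty

def difficulty_bits(failed_per_min):
    # One more leading-zero bit (double the expected work) per doubling of the failure rate.
    return min(MAX_BITS, BASE_BITS + max(0, int(failed_per_min)).bit_length())

def _mac(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def _zero_bits(data):
    digest = hashlib.sha256(data.encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def issue_challenge(username, failed_per_min, now=None):
    # Server: bind user, time and difficulty under a MAC so the client cannot lower the cost.
    # Usernames are assumed not to contain "|".
    ts = int(time.time() if now is None else now)
    body = f"{username}|{ts}|{difficulty_bits(failed_per_min)}|{os.urandom(8).hex()}"
    return f"{body}|{_mac(body)}"

def solve(challenge):
    # Client: search for a counter whose hash meets the target (2**bits tries on average).
    bits = int(challenge.split("|")[2])
    for n in count():
        if _zero_bits(f"{challenge}|{n}") >= bits:
            return n

def verify(challenge, solution, username, now=None, max_age=120):
    # Server: one MAC and one hash, however much work the client did.
    # A real deployment must also record spent nonces to stop replay within max_age.
    try:
        user, ts, bits, nonce, tag = challenge.split("|")
        ts, bits, n = int(ts), int(bits), int(solution)
    except (ValueError, TypeError):
        return False
    if not hmac.compare_digest(tag.encode(), _mac(f"{user}|{ts}|{bits}|{nonce}").encode()):
        return False
    age = int(time.time() if now is None else now) - ts
    if user != username or not 0 <= age <= max_age:
        return False
    return _zero_bits(f"{challenge}|{n}") >= bits
```

The logon handler would call `verify` before it checks the password, so a rejected or missing solution costs the server one MAC and one hash.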