I don't know, whether this is a total brain fart or not, but I just had an idea.
What if a DNM would provide a separate, random .onion domain for each customer? Those could be generated upon the first visit on the main domain.
This way DDoS could easily be circumvented by just stopping to serve the attacked domains.
I don't know much about the technical details of TOR, so I am interested in your opinions. According to this answer the introduction points would be the only parts that could fail.
To make sure that attackers can't just generate a load of domains and attack those all at once, the market could implement various security measures:
And as an extra bonus, requiring users to deposit money first, could stop LE. I don't know the rules for LE, but I guess they're not allowed to fund criminals and drug traffickers, aren't they? :D