
Unless I missed something in the article, I'm not sure this is odd or malicious behavior. The NTP servers know your IPs because you sent packets to them from those IPs. So you basically told them what your big random 128-bit IPv6 address is.

And the fact that they sent packets back to you (after you sent them packets) is not surprising either. However, if you can show that a full-blown port scan occurred after you sent them packets, then that would be odd. I did not see evidence of that in the article... did I miss that?



Yes, I think you missed that. From the article:

"It takes less than five seconds for your address to be harvested and scanned. The entire scan takes less than one second and scans over 100 common TCP and UDP ports."


OK. I'd like to see a full packet capture. And technically, the address was not 'harvested'. He gave it to them when he sent them packets. The story strikes me as very dramatic and over the top because of statements such as that.


Look into what Shodan is; it's a service dedicated to portscanning the internet. With IPv4 you can easily scan every IP; with IPv6 you need some mechanism to discover addresses. This very much looks like they joined the NTP pool solely to harvest and portscan addresses.
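The correlation the thread asks a packet capture to show (an inbound multi-port probe arriving within seconds of a host's own NTP query) can be checked from flow records; the following is an added example, not part of the thread or the article. The record layout, function name, 20-port threshold and all addresses (documentation prefix 2001:db8::/32) are assumptions, and the 5-second window follows the figure quoted from the article.

```python
from collections import defaultdict

def find_post_ntp_scans(flows, local_hosts, window=5.0, min_ports=20):
    """Map (remote, local_host) -> number of distinct ports the remote probed
    within `window` seconds after local_host sent an NTP query.
    Only pairs with at least `min_ports` distinct ports are returned."""
    last_ntp = {}              # local host -> time of its latest NTP query
    probed = defaultdict(set)  # (remote, local host) -> {(proto, port)}
    for ts, src, dst, proto, dport in sorted(flows):
        if src in local_hosts and proto == "udp" and dport == 123:
            # Outbound NTP query: this is the moment the address is disclosed.
            last_ntp[src] = ts
        elif dst in local_hosts and src not in local_hosts:
            t0 = last_ntp.get(dst)
            if t0 is not None and ts - t0 <= window:
                probed[(src, dst)].add((proto, dport))
    return {k: len(v) for k, v in probed.items() if len(v) >= min_ports}

# Constructed sample flows: (timestamp_s, src, dst, proto, dst_port).
CLIENT = "2001:db8:1::a"
NTP_SERVER = "2001:db8:ffff::123"
SCANNER = "2001:db8:dead::1"
SAMPLE = [
    (100.00, CLIENT, NTP_SERVER, "udp", 123),       # client asks for time
    (100.05, NTP_SERVER, CLIENT, "udp", 50000),     # ordinary NTP reply
    (300.00, "2001:db8:2::5", CLIENT, "tcp", 443),  # unrelated, much later
]
# 100 TCP ports probed in half a second, starting 3 s after the query.
SAMPLE += [(103.0 + i * 0.005, SCANNER, CLIENT, "tcp", port)
           for i, port in enumerate(range(1, 101))]

if __name__ == "__main__":
    for (remote, host), n in find_post_ntp_scans(SAMPLE, {CLIENT}).items():
        print(f"{remote} probed {n} ports on {host} after its NTP query")
```

The NTP server's own reply touches a single port and stays below the threshold, which is the distinction the first commenter draws between an expected response and a scan.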



