There are multiple ways a hacker can get to your IP behind a cloudflare WAF, most probably is that your website suffers an SSRF vulnerability (Which is easily bypassable in cloudflare) and used it to ping his own server and locate your server's IP. Other stuff might include Open source Intelligence.
I have a solid experience in bug hunting and web site penetration testing, I am working as an information security consultant right now and help clients secure their assets on a daily basis. Please contact me and I'm sure I'll be able to help you.