The promise of the federated web is one of distributed resilience, yet the infrastructure of the post-Twitter era remains uniquely vulnerable to the blunt force of the old internet. On Monday, Mastodon’s flagship instance, mastodon.social, was hit by a "major" distributed denial-of-service (DDoS) attack, rendering the platform’s largest hub inaccessible for several hours. While the service has begun to stabilize following the implementation of countermeasures, the incident underscores a growing pattern of disruption targeting decentralized alternatives.
Andy Piper, Mastodon’s head of communications, confirmed the scale of the attack, noting that while the nonprofit-run server is recovering, users may experience lingering instability. Because mastodon.social serves as the primary gateway for many newcomers to the Fediverse, its downtime carries a symbolic weight that exceeds its technical footprint. The attackers, whose identities remain unknown, leveraged a surge of artificial traffic to overwhelm the server’s capacity—a crude but effective method of silencing digital communities.
This disruption follows a strikingly similar incident at Bluesky last week. The AT Protocol-based platform was sidelined for several hours by its own DDoS event, and while the company initially reported a return to stability, it faced renewed "elevated errors" on Monday. In both cases, there is no evidence that user data was compromised; these were not heists, but blockades. As users migrate away from monolithic platforms, the hubs they congregate in are becoming high-visibility targets, proving that even in a decentralized world, centralized pressure points remain.
With reporting from Engadget.
Source · Engadget
