Mastodon Confirms DDoS Attack on Its Flagship Server: What Happened and What It Means

A Mastodon DDoS attack targeted the platform’s primary server, mastodon.social, on Monday, causing intermittent outages and error messages for users. The decentralized social networking software maker confirmed the distributed denial-of-service (DDoS) attack in a status update around 7 a.m. ET, noting that the site was largely inaccessible for a period.

By 9:05 a.m. ET, Mastodon announced it had implemented countermeasures, restoring access. However, the company warned that some instability might persist as the attack continued. This incident comes just days after Bluesky, another decentralized social network, resolved a prolonged DDoS attack that caused days-long outages.

How Mastodon Responded to the DDoS Attack

Mastodon’s team quickly deployed countermeasures within two hours of the attack’s start. According to Andy Piper, Mastodon’s head of communications, the millions of malicious requests matched the pattern of a typical DDoS attack. So far, only the mastodon.social instance has been targeted, leaving other servers unaffected.

Piper emphasized the advantages of decentralization: “Users with accounts on other Mastodon or Fediverse servers were completely unaffected, and in most cases, the outage would have been invisible to them — they have been able to access the network, read and share posts as usual.” This resilience highlights a key benefit of the Fediverse architecture.

Understanding DDoS Attacks and Their Impact

Distributed denial-of-service attacks flood a server with junk traffic to overwhelm it and knock it offline. While these cyberattacks do not involve data theft, they can severely disrupt user access. In 2024, Cloudflare mitigated what it called the largest DDoS attack ever, peaking at 29.7 terabits per second — equivalent to filling thousands of hard drives with data every minute.

For decentralized networks like Mastodon, DDoS attacks can cause instability but rarely take the entire ecosystem offline. For example, during Bluesky’s recent attack, users who migrated to providers like Blacksky remained unaffected. Similarly, this Mastodon DDoS attack only impacted the flagship server, not the many smaller instances that form the broader network.

Decentralization as a Defense Against Cyberattacks

This incident underscores a critical advantage of decentralized social networks: their ability to withstand targeted attacks. Unlike centralized platforms where a single server failure can cripple the entire service, Mastodon’s distributed nature means that a DDoS attack on one instance leaves others operational.

As cyberattacks grow more powerful, the Fediverse’s architecture offers a natural defense. Users on other servers can continue posting, reading, and sharing without interruption. For more on how decentralized networks handle security, check out our guide on securing your Fediverse presence.

Lessons from the Mastodon and Bluesky Attacks

Both Mastodon and Bluesky have faced DDoS attacks recently, highlighting the persistent threat to social media platforms. However, their responses demonstrate that rapid countermeasures and decentralized design can minimize disruption. Mastodon’s team restored access within hours, while Bluesky stabilized after days of effort.

Building on this, users should consider diversifying their accounts across multiple instances to enhance resilience. For tips on choosing a reliable server, see our guide to Mastodon server selection.

In summary, the Mastodon DDoS attack was a temporary setback for the flagship server, but the broader network remained robust. As decentralized social media grows, such incidents may become more common, but the Fediverse’s inherent strengths offer a powerful countermeasure.

Operation Atlantic Freezes $12 Million in Crypto Losses: How Approval Phishing Scams Were Disrupted

In a coordinated crackdown spanning three continents, law enforcement agencies from the United Kingdom, the United States, and Canada have joined forces to combat a rising tide of digital theft. The initiative, known as Operation Atlantic, has already frozen $12 million in crypto losses tied to a deceptive technique called approval phishing. This marks a significant victory in the ongoing battle against cryptocurrency fraud, which continues to drain billions from victims worldwide.

What Is Approval Phishing and How Does It Work?

Approval phishing is a sophisticated form of cybercrime where scammers trick victims into granting full access to their cryptocurrency wallets. Typically, this involves fake alerts or pop-ups that appear to come from trusted apps or services. Once the victim approves the transaction, the scammer can drain the wallet without needing passwords or private keys.

This method has become increasingly common, partly because it exploits the trust users place in legitimate platforms. According to a report from blockchain analytics firm Chainalysis, approval phishing scams netted criminals at least $1 billion between May 2021 and December 2023. The technique often incorporates romance fraud tactics, where scammers build emotional connections with victims before convincing them to sign approval transactions.

Operation Atlantic: A Global Response to Crypto Fraud

Operation Atlantic, led by the UK’s National Crime Agency (NCA) with support from the US Secret Service, Ontario Provincial Police, and Ontario Securities Commission, ran for one week last month. The operation resulted in the freezing of $12 million in crypto losses and identified an additional $33 million stolen through similar schemes.

Private sector partners, including Binance, Coinbase, Tether, and blockchain analytics firms Elliptic, TRM Labs, and Chainalysis, played a crucial role. The NCA reported that multiple fraud networks were “disrupted” during the operation, with over 20,000 crypto wallets linked to fraud victims across more than 30 countries identified. Authorities also contacted 3,000 victims directly and disrupted over 120 web domains used for fraudulent schemes.

Miles Bonfield, NCA deputy director of investigations, emphasized the power of collaboration: “This intensive action has led to the safeguarding of thousands of victims in the UK and overseas, stopped criminals in their tracks, and helped save others from losing their funds.” He added, “We know that fraudsters operate globally and, together with our international partners, so will the NCA to target them wherever they are based.”

The Scale of Crypto Crime: Billions Lost Annually

The success of Operation Atlantic highlights a broader problem. According to the FBI’s Internet Crime Report 2025, cryptocurrency-related crime cost victims over $11.3 billion last year. Cryptocurrency investment fraud alone accounted for $7.2 billion in losses—the vast majority of the $8.6 billion lost to all investment scams. This makes crypto fraud the highest-earning crime category for cybercriminals, far surpassing traditional phishing, which accounted for an estimated $215 million.

Brent Daniels, assistant director for the US Secret Service’s Office of Field Operations, noted: “Operation Atlantic demonstrated the importance and need for international collaboration to stop cryptocurrency fraud. Through this operation, investigators prevented millions of dollars in fraud losses and disrupted millions more in fraudulent transactions, denying criminals the ability to prey on innocent victims.”

How to Protect Yourself from Approval Phishing

Protecting against approval phishing requires vigilance. Never approve transactions from unsolicited pop-ups or emails, even if they appear legitimate. Always verify the source by contacting the service directly through official channels. Use hardware wallets for large holdings and enable multi-factor authentication where possible.

For more insights, read our guide on how to avoid crypto scams. Additionally, stay updated on the latest cryptocurrency fraud trends to recognize emerging threats.

Conclusion: A Model for Future Enforcement

Operation Atlantic serves as a powerful example of what global cooperation can achieve. By freezing $12 million in crypto losses and disrupting extensive fraud networks, the initiative has sent a clear message to cybercriminals. However, with billions still at stake, continued collaboration between law enforcement and the private sector remains essential. As the crypto landscape evolves, so too must the strategies to protect investors from exploitation.

North Korean Hackers Blamed for $290 Million Crypto Theft from Kelp DAO

A massive cryptocurrency heist over the weekend has shaken the decentralized finance (DeFi) world. Hackers made off with more than $290 million from Kelp DAO, a protocol designed to help users earn yields on idle crypto assets. By Monday, LayerZero—a project connected to the exploit—publicly accused North Korean hackers of orchestrating the attack. This theft now stands as the largest crypto theft of 2025, surpassing a $285 million breach at crypto exchange Drift in April.

How the Kelp DAO Hack Unfolded

According to a post on X (formerly Twitter), LayerZero revealed that the hackers targeted Kelp DAO through its bridge infrastructure. The LayerZero bridge enables different blockchains to communicate and transfer instructions seamlessly. However, the attackers exploited a critical flaw in Kelp’s security configuration.

Specifically, the protocol did not require multiple verifications before approving transactions. This oversight allowed the hackers to submit fraudulent transactions and drain the funds without raising immediate alarms. In essence, a single compromised step was enough to authorize the massive transfer.

North Korean Hackers: The Prime Suspects

LayerZero cited what it called “preliminary indicators” pointing to North Korea as the culprit. The company specifically named the TraderTraitor hacking group, which has a well-documented history of targeting crypto platforms. This group operates under the direction of Kim Jong Un’s regime and has become increasingly sophisticated in recent years.

Kelp DAO, however, did not accept the blame quietly. The protocol fired back, accusing LayerZero of negligence and suggesting that the bridge itself was the weak link. This finger-pointing highlights the growing tensions within the DeFi ecosystem when security breaches occur.

The Scale of North Korean Crypto Theft

The North Korean crypto theft problem is not new. Last year alone, hackers working for the regime stole more than $2 billion in digital assets. Since 2017, the cumulative total of stolen crypto attributed to North Korea has reached approximately $6 billion, according to industry analysts. These funds are believed to bankroll the country’s weapons programs and other state activities.

This latest heist underscores how North Korean hackers continue to refine their methods. They often exploit cross-chain bridges and DeFi protocols, which remain vulnerable due to their rapid development cycles and sometimes lax security standards.

Implications for DeFi Security

This incident serves as a stark reminder for the entire crypto industry. DeFi platforms must prioritize multi-signature verification and rigorous auditing of smart contracts. As security experts often note, even a single oversight can lead to catastrophic losses.

Moreover, the involvement of state-backed actors like TraderTraitor raises the stakes. These groups have virtually unlimited resources and patience, making them formidable adversaries for any protocol. Building on this, regulators are likely to intensify scrutiny of cross-chain bridges and decentralized exchanges.

What Kelp DAO and LayerZero Should Do Next

Both projects need to conduct transparent post-mortems and implement stronger safeguards. Kelp DAO should consider adopting threshold signatures and time-locked withdrawals. Meanwhile, LayerZero must ensure its bridge code is audited by multiple independent firms.

In addition, the broader community should push for shared threat intelligence. As best practices evolve, collaboration between protocols can help detect and prevent similar attacks in the future.

Ultimately, the $290 million heist is a wake-up call. The DeFi sector cannot afford to ignore the growing threat posed by North Korean hackers. Every protocol must treat security as a non-negotiable priority, not an afterthought.