Mastodon's Main Server Knocked Offline by DDoS Attack

Mastodon Hit by Distributed Denial-of-Service Attack

Mastodon, the decentralized social networking platform, confirmed that its primary server — mastodon.social — came under a distributed denial-of-service (DDoS) attack on Monday morning, temporarily disrupting access for thousands of users. The attack left much of the site unreachable, with visitors encountering error messages or full-screen outage notifications.

Timeline of the Attack

At approximately 7:00 a.m. ET, Mastodon's team published a status update acknowledging the cyberattack and confirming that an investigation was underway. Within roughly two hours, by 9:05 a.m. ET, the company announced it had successfully deployed countermeasures, restoring access to the site. Officials cautioned, however, that intermittent instability could persist as the attack was still ongoing at that point.

According to a statement provided to TechCrunch, the millions of malicious requests observed were consistent with the hallmark patterns of a DDoS attack. Crucially, the assault was limited to the mastodon.social instance, leaving the broader network of smaller Mastodon servers entirely unaffected.

Decentralization Proves to Be a Strength

Andy Piper, Mastodon's head of communications, highlighted how the platform's decentralized architecture worked in its favor during the crisis.

"This is a case where the decentralized nature of the Fediverse is a true advantage," Piper stated. "Users with accounts on other Mastodon or any other Fediverse servers were completely unaffected. In most cases, the outage would have been invisible to them — they continued to access the network, read posts, and share content as usual."

This decentralized model means that even when a major node like mastodon.social is targeted, the wider ecosystem of interconnected servers continues to function normally.

A Pattern of Attacks on Decentralized Social Platforms

Monday's incident follows closely on the heels of a prolonged DDoS attack against Bluesky, another decentralized social network, which endured days of outages before stabilizing. As of April 17, Bluesky reported that while the attack was technically ongoing, its services had remained stable since April 16 at 9:00 p.m. PDT.

The back-to-back attacks on two prominent decentralized platforms raise questions about the growing threat landscape facing alternative social networks. In Bluesky's case, users who had migrated their accounts to third-party providers running on the same protocol — such as Blacksky — experienced no disruption whatsoever, further underscoring the resilience built into federated network designs.

What Is a DDoS Attack?

A distributed denial-of-service attack works by overwhelming a server or application with an enormous volume of junk traffic, effectively pushing it offline. While these attacks do not involve the theft or compromise of user data, they can cause significant service disruptions and erode user trust.

The scale of DDoS attacks has grown dramatically in recent years. In 2024, cybersecurity firm Cloudflare reported mitigating what it described as the largest DDoS attack ever recorded, peaking at an astonishing 29.7 terabits per second — a volume roughly equivalent to filling thousands of hard drives with data every single minute.

Only the Flagship Server Was Targeted

It is worth emphasizing that only mastodon.social, the largest and most prominent Mastodon instance, was affected by Monday's attack. The many independent servers that collectively form the Mastodon network continued to operate without interruption, allowing the vast majority of the platform's users to go about their online activity unhindered.

This episode serves as a reminder of both the vulnerabilities and the inherent resilience of decentralized social networking infrastructure — and why many users and developers continue to advocate for federated platforms as a more robust alternative to centralized social media giants.