📖 Term 🟢 Plain English 🔰 Beginner

🚧 DoS Attack Denial-of-Service

A denial-of-service attack floods a server, service, or network with fake traffic or junk requests until it runs out of resources and can no longer serve real users. The service isn't hacked open — it's just too swamped to respond.

💡
Common misconception — "Crypto is decentralized, so it can't be taken down." Not so fast! The base blockchain is tough to flood, but the apps you actually log into — exchanges, wallets, dApp front-ends — are often centralized and can go offline.
🤖Fake Trafficthousands of junk requests🖥️Overwhelmed Serverout of resources🧑Real Usercan't get in
🤖 Junk traffic floods the door → 🖥️ the server is swamped → 🧑 the real user is shut out. The service isn't broken — it's just too busy with junk to answer.

🚪 The simple version — a jammed doorway

Picture a small shop. A crowd of fake customers piles into the doorway and refuses to move. Nothing inside is broken, but real customers can't squeeze past, so the shop effectively stops working. A DoS attack does the same thing to a computer: the attacker sends far more requests than the server can handle, so it slows to a crawl or crashes. The goal isn't to break in or steal anything — it's to make the service unavailable. Downtime can last anywhere from hours to much longer.

🤖 DoS vs DDoS — one attacker or an army?

A plain DoS attack comes from a single machine, which makes it fairly easy to spot and block. A DDoS (Distributed Denial-of-Service) spreads the flood across many machines at once — usually a botnet of hijacked devices the owners don't even know are involved. That makes it much harder to filter and far more damaging. DDoS is the more common form today.

TypeWhere the flood comes fromHow hard to block
🖥️ DoSOne source machineEasier — block one address
🌐 DDoSMany machines (a botnet)Much harder — traffic comes from everywhere

🧩 The common flood recipes

Attackers abuse different weak spots in how networks process requests. You don't need to memorize these, but the names show up in news reports:

  • 📦 Buffer overflow — sends more data than a program reserved room for, so it chokes
  • 📡 ICMP (ping) flood — bombards the target with "are you there?" pings until it's overloaded
  • 🤝 SYN flood — opens a flood of half-finished connections that never complete, tying up the server

💸 Why this matters in crypto

The services a beginner actually uses are centralized choke points: exchanges, wallet apps, dApp front-end websites, and RPC nodes. All of them can be knocked offline by a DDoS. Crypto was the most DDoS-attacked sector by traffic volume in Q4 2023, accounting for over 4% of all DDoS traffic worldwide. For you, the danger isn't theft — it's getting locked out at a bad moment, unable to trade or withdraw while a service is down.

🧱 Can a blockchain itself be flooded?

The base chain is hard to take down because it's spread across many nodes — there's no single server to overwhelm. But there's a twist: most chains have a fixed block size and a cap on how many transactions fit per block. An attacker can send a flood of spam transactions to fill the blocks and crowd out legitimate ones. The chain stays "up," yet real users face jammed throughput and high gas fees. A rarer variant called BDoS targets Proof-of-Work chains by disrupting miner incentives, though real-world attempts have been very rare and unsuccessful.

📉 Real example — Solana's congestion outages

Solana is the classic case study. In September 2021 it suffered a roughly 17-hour outage when mass botting flooded the network during a token launch. In January 2022 a spam-transaction flood caused a roughly 5-hour outage. More recently the network absorbed a very large DDoS with no downtime — a sign of how much its resilience has improved since those early years.

🛡️ Takeaway for beginners: a service going dark isn't always a hack. Outages from spam and DDoS are common, and the fix is usually patience, not panic — never rush to "rescue" funds through a link someone DMs you during downtime.

❓ FAQ

If crypto is decentralized, can it even be hit by a DoS attack?
The base blockchain is hard to knock over because there's no single server to flood. But the things beginners actually use — exchanges, wallet apps, dApp front-ends, RPC nodes — are often centralized and can be taken offline by a DDoS. And chains with limited capacity can still be clogged by spam transactions even when they aren't fully down.
What's the difference between DoS and DDoS?
A DoS attack comes from one source. A DDoS (Distributed Denial-of-Service) uses many machines at once, usually a botnet of hijacked devices, which makes it harder to block and more damaging. DDoS is the more common form today.
Does a DoS attack steal my coins?
No. A DoS attack is about availability, not theft — it makes a service unreachable, it doesn't break in or move funds. The risk to you is being locked out at a bad moment, like not being able to trade or withdraw while a service is down.

🔗 Related