On October 20, a glitch in Amazon’s US-EAST-1 region set off a chain reaction in the crypto industry. Coinbase reported degraded service, Infura and Alchemy posted AWS-related incident notes, and several wallets and rollups started timing out.
None of these failures came from the blockchains themselves. The consensus was fine. The problem was everything surrounding it: the cloud databases, RPC gateways, DNS, indexers, and key management systems that make a blockchain a useful app.
It was a sharp reminder that much of Web3 still relies heavily on Web2. When a region of AWS sneezed, a quarter of the crypto UI caught a cold.
The invisible monoculture
Behind the rhetoric of decentralization lies a silent dependency map that looks strikingly centralized. A typical dApp starts with a frontend hosted on S3 or Cloudflare Pages, served via a CDN like Fastly, and resolved by Route 53 or Cloudflare DNS.
Below that are read/write RPCs, often Infura, Alchemy or QuickNode, most of which themselves run on AWS or another of the “Big 3” clouds. Then come indexers like The Graph of Covalent, sequencing services on rollups, and custodial or key management systems like Fireblocks. Each layer introduces a single point of failure.
When AWS’s DynamoDB and DNS services faltered, multiple layers were affected at once. Coinbase’s API slowed down, Infura and Alchemy reported upstream AWS issues, and several rollups had their sequencers hang until manually intervened. Even The Graph’s indexer for zkSync had a similar vulnerability weeks earlier.
The illusion of redundancy also disappeared. Two independent RPC providers each promise “four-nines” uptime, but if they are both in the same cloud region, their errors are correlated. Statistically, independence collapses: the effective correlation coefficient between AWS-centric stacks can reach 0.9.
This concentration is not limited to crypto. AWS still holds about 30-32% of the global cloud share, Azure about 20% and Google Cloud 13%. A six-hour disruption across a large region will impact DNS, object storage, and database services used by thousands of companies.
For crypto apps, this means that between 10% and 30% of EVM-based frontends or reading functions could degrade during such an event. Writes and transactions that rely on sequencers or save paths can completely crash.
The Myth of Independence
It’s easy to merge on-chain resilience with application resilience. Blockchains like Ethereum or Solana can maintain consensus through global nodes; However, the tools people actually use often rely on centralized intermediaries. Solana’s five-hour shutdown in February 2024 was a chain failure, but the AWS outage was not. It was off-chain, and much more common.
Each layer adds its own Achilles heel.
- Sequencers on L2s are still mostly single-operator setups. If their connection to Ethereum’s RPC is lost, so too will their ability to post new batches.
- Content delivery and DNS add even more vulnerability: the July 14 issue with Cloudflare’s fix left parts of the internet inaccessible for nearly an hour.
- Even ‘decentralized’ storage can still rely on one company. The failure of Infura’s IPFS gateway on September 20 halted access to assets that were theoretically mirrored across the network.
- Custody and key management platforms such as Fireblocks, used by exchanges and funds, themselves experienced processing delays on October 26 and September 17, causing withdrawals and settlements to stall.
These errors matter because they erode user confidence more than protocol uptime ever could. A wallet that shows an old balance, or a bridge transaction that remains in limbo, undermines confidence in the decentralization it claims to offer.
Regulators are starting to take notice. The EU’s Digital Operational Resilience Act (DORA), which comes into effect in January 2025, will force financial entities to test and report IT dependencies on third parties. The UK’s ‘Critical Third Parties’ regime is expected to bring hyperscalers under direct supervision next year.
As crypto custody, stablecoin issuers and tokenized asset platforms now overlap with regulated finance, the same expectations for cloud diversification will soon apply here as well. Cloud dependence on a single vendor is turning into a risk at the board level.
The solution isn’t glamorous, but it’s coming
Solutions are shipping. In the near term, developers are introducing provider quorum RPCs that query multiple endpoints, self-hosted, SaaS, and decentralized (like Pocket Network), and only display a result if two of the three agree. Tools like Helios bring light client authentication directly to wallets and mobile apps, allowing users to validate data without relying on a centralized gateway.
Infrastructure teams use multi-CDN and multi-DNS configurations with active failover. For storage, running your own IPFS gateway or mirroring assets on Arweave or Irys will become standard. In the rollup world, projects like Espresso, Radius, and Astria are building shared or decentralized sequencers, while OP Stack has started rolling out permissionless error proofs.
Further down the roadmap, Ethereum’s PeerDAS proposal aims to make data availability checks affordable enough to implement at the wallet level. Combined with lightweight clients, this could push authentication to the edges of the network rather than the center of the cloud.
Institutional pressures will reinforce these shifts. Under the DORA and UK CTP rules, multi-cloud architectures become policy, not preference. Expect major custodians and exchanges to demand vendor diversification across RPCs, indexers and key management providers.
None of this will make crypto completely independent of traditional infrastructure, but it will narrow the gap between the ideals of decentralization and the messy operational reality. The lesson of October 20 is not that blockchains have failed, but that the supporting scaffolding has not yet caught up.
A truly decentralized app doesn’t mean that every user runs a server; it means that no server can shut down the system. Until this is the standard, every “Web3” outage will still start the same way: when the cloud sneezes, the blockchain shivers.
