If Web3 is decentralized, why do DeFi dApps still break when the cloud goes down?

On Oct. 20, a hiccup in Amazon’s US-EAST-1 region set off a chain reaction across the crypto industry. Coinbase reported degraded service, Infura and Alchemy posted AWS-related incident notes, and several wallets and rollups began timing out.

None of these failures came from the blockchains themselves. Consensus was fine. The problem was everything wrapped around it: the cloud databases, RPC gateways, DNS, indexers, and key-management systems that turn a blockchain into a usable app.

It was a sharp reminder that much of Web3 still leans heavily on Web2. When one region of AWS sneezed, a quarter of crypto’s user interface caught a cold.

The invisible monoculture

Behind the rhetoric of decentralization lies a quiet dependency map that looks strikingly centralized. A typical dApp starts with a frontend hosted on S3 or Cloudflare Pages, served through a CDN such as Fastly, and resolved by Route 53 or Cloudflare DNS.

Beneath that are read and write RPCs, often Infura, Alchemy, or QuickNode, most of which themselves run on AWS or another of the “Big 3” clouds. Then come indexers like The Graph or Covalent, sequencing services on rollups, and custody or key-management systems such as Fireblocks. Each layer introduces a single point of failure.

When AWS’s DynamoDB and DNS services faltered, multiple layers were hit simultaneously. Coinbase’s API slowed, Infura and Alchemy reported upstream AWS issues, and several rollups saw their sequencers stall until manual intervention. Even The Graph’s indexer for zkSync had already shown similar fragility weeks earlier.

The illusion of redundancy also broke down. Two independent RPC providers each promise “four-nines” uptime, but if they’re both on the same cloud region, their failures are correlated. Statistically, independence collapses: the effective correlation coefficient between AWS-centric stacks may reach 0.9.

This concentration isn’t confined to crypto. AWS still holds roughly 30–32% of the global cloud share, Azure about 20%, and Google Cloud 13%. A six-hour disruption in one major region ripples through DNS, object storage, and database services used by thousands of companies.

For crypto apps, this means that between 10% and 30% of EVM-based frontends or read functions may degrade during such an event. Writes and transactions that depend on sequencers or custodial signing paths can freeze entirely.

The myth of independence

It’s easy to conflate on-chain resilience with application resilience. Blockchains like Ethereum or Solana may maintain consensus through global nodes; however, the tools people actually use often depend on centralized intermediaries. Solana’s five-hour halt in February 2024 was an on-chain failure, but the AWS outage wasn’t. It was an off-chain one, and far more common.

Each layer adds its own Achilles’ heel.

• Sequencers on L2s are still mostly single-operator setups. If their connection to Ethereum’s RPC is broken, so is their ability to post new batches.
• Content delivery and DNS introduce further fragility: Cloudflare’s Jul. 14 resolver issue left parts of the internet unreachable for nearly an hour.
• Even “decentralized” storage can still rely on a single company. Infura’s IPFS gateway outage on Sep. 20 halted access to assets that were theoretically mirrored across the network.
• Custody and key-management platforms, such as Fireblocks, used by exchanges and funds, have themselves experienced processing delays on Oct. 26 and Sep. 17, stalling withdrawals and settlements.

These failures matter because they affect user trust more than protocol uptime ever could. A wallet displaying a stale balance, or a bridge transaction stuck in limbo, erodes confidence in the very decentralization it claims to offer.

Regulators have started to notice. The EU’s Digital Operational Resilience Act (DORA), effective January 2025, forces financial entities to test and report third-party ICT dependencies. The UK’s “Critical Third Parties” regime is expected to bring hyperscalers under direct oversight next year.

Since crypto custody, stablecoin issuers, and tokenized-asset platforms now overlap with regulated finance, the same expectations for cloud diversification will soon apply here too. Single-vendor cloud reliance is turning into a board-level risk.

The fix isn’t glamorous, but it’s coming

Solutions are shipping. In the short term, developers are introducing provider-quorum RPCs that query multiple endpoints, self-hosted, SaaS, and decentralized (such as Pocket Network), and display a result only if two out of three agree. Tools such as Helios bring light-client verification directly into wallets and mobile apps, letting users validate data without relying on a centralized gateway.

Infrastructure teams are adopting multi-CDN and multi-DNS setups with active failover. For storage, running one’s own IPFS gateway or mirroring assets on Arweave or Irys is becoming standard. In the rollup world, projects like Espresso, Radius, and Astria are building shared or decentralized sequencers, while OP Stack has begun rolling out permissionless fault proofs.

Further down the roadmap, Ethereum’s PeerDAS proposal aims to make data-availability checks affordable enough to run at the wallet level. Combined with light clients, this could push verification toward the edges of the network rather than the cloud’s center.

Institutional pressure will reinforce these shifts. Under DORA and UK CTP rules, multi-cloud architectures are becoming policy, not preference. Expect large custodians and exchanges to demand vendor diversification across RPCs, indexers, and key-management providers.

None of this will make crypto fully independent of traditional infrastructure, but it will narrow the gap between the ideals of decentralization and the messy operational reality. The lesson from Oct. 20 isn’t that blockchains failed, it’s that the supporting scaffolding hasn’t yet caught up.

A truly decentralized app won’t mean every user runs a server; it will mean no single server can take the system down. Until that’s the default, every “Web3” outage will still start the same way: when the cloud sneezes, the blockchain shivers.