The Myth of Reliability

Blockchain developers operate under an implicit assumption: the read layer works. RPC endpoints respond. Indexers return data. APIs stay up. This assumption is so deeply embedded that most applications have no fallback when it fails.

It fails more often than you think.

The incidents documented here aren't hypotheticals. They're not theoretical attack vectors or academic concerns. They're real outages that took down real applications, froze real trades, and left real users staring at broken interfaces. The blockchain kept running. The applications didn't.

Every one of these failures traces back to the same architectural flaw: applications built on trustless infrastructure, accessing it through infrastructure that isn't.

October 2025: The Day Web3 Went Dark

The most significant infrastructure failure in blockchain history happened on October 20, 2025.

An AWS outage in US-East-1, triggered by a DNS race condition in DynamoDB's automated management system, cascaded through the entire blockchain data stack. For over 15 hours, the read layer effectively ceased to exist for most of Web3.

The impact was immediate and comprehensive. MetaMask users opened their wallets to find zero balances across all networks. Not incorrect balances. Zero. The wallet couldn't reach its RPC providers, so it had nothing to display.

Uniswap trading froze. The interface couldn't query pool states, so it couldn't calculate prices, so it couldn't execute swaps. The contracts were fine. The liquidity was there. Users just couldn't access it.

Aave borrowing and lending stalled. Oracle delays meant the protocol couldn't safely process new positions. Users with active loans watched their health factors become unknowable.

Every major Layer 2, Base, Optimism, Arbitrum, Polygon, Linea, Scroll, experienced what analysts called "front-end darkouts." The chains kept producing blocks. The applications built on them went blind.

Industry analysts estimated the impact at $2.8 billion. One post-mortem noted: "The outage exposed how much of 'Web3' still runs on Web2 cloud rails."

The root cause wasn't a blockchain failure. It wasn't a smart contract bug. It wasn't a consensus attack. It was a DNS configuration issue at a cloud provider that most of Web3 had unwittingly made itself dependent on.

Infura, Alchemy, MetaMask, Coinbase, Base, Uniswap, Aave, OpenSea. All downstream of the same infrastructure. All dark at the same time. All because the "trustless" read layer ran on infrastructure that requires trusting a single cloud provider.

The Lessons We Refuse to Learn

Here's the uncomfortable truth: October 2025 shouldn't have surprised anyone.

Infura went down in April 2022. MetaMask stopped working for 30 million users. Gas fees collapsed because people couldn't submit transactions. The industry noticed, talked about infrastructure resilience for a week, then went back to building on the same single points of failure.

Infura went down again in November 2024. Multiple networks. MetaMask acknowledged it publicly. 49,000 developers saw the announcement. Everyone waited for service to resume, then carried on as before.

StatusGator has tracked over 565 Alchemy incidents since August 2023. Over 3,014 QuickNode incidents since June 2022. These aren't secrets. The status pages are public. The pattern is obvious.

And yet.

Every time, the same cycle. Outage happens. Twitter lights up. Developers complain. Service resumes. Everyone goes back to work. Nothing changes architecturally. The next outage is just a matter of time.

How many more outages before we admit the architecture is broken? How many more "front-end darkouts" before we stop treating them as anomalies and start treating them as the predictable consequences of infrastructure that isn't trustless, isn't verifiable, and isn't resilient? How many billions in frozen trades, missed liquidations, and broken user experiences before we decide the current approach isn't working?

The blockchain kept producing blocks through every single one of these incidents. Consensus never failed. The networks were fine. Applications broke because the read layer broke. And the read layer broke because we built it wrong.

The Saviors That Weren't

When centralized indexers proved fragile, the industry's answer was "decentralized" indexing protocols. The Graph, SubQuery, Subsquid. Networks of independent operators staking tokens and earning fees to serve queries. In theory, the solution to centralized infrastructure failing.

In practice, same problems, different wrapper.

These protocols didn't change the data layer. They changed the economic layer. They created token-incentivized marketplaces where independent operators run the same centralized infrastructure and compete to serve queries. The operators still run nodes on traditional cloud providers or their own servers. The data still flows through centralized chokepoints. The architecture that fails during cloud outages is identical.

What changed is who gets paid. Instead of paying Alchemy directly, you pay operators through a token. Instead of trusting one company, you trust that economic incentives will keep a network of companies honest. The infrastructure serving your queries is just as fragile. Now there's a token attached to it.

The data is still unverifiable. The access is still permissioned by whoever runs the infrastructure. You still can't cryptographically prove that the data you receive is accurate. Economic incentives aren't cryptographic proofs.

StatusGator has tracked over 1,077 service disruptions for The Graph since September 2022. Roughly one per day for over three years. When a Uniswap subgraph halted, it took down uniswap.info and every application querying Uniswap data through the network. Server overload at 6,000+ queries per second. Hours of re-syncing required. The "decentralized" network failed the same way a centralized one would.

On June 12, 2024, The Graph sunset its hosted service. Developers had to migrate to the decentralized network, purchase and stake GRT tokens, and accept a new set of reliability tradeoffs. Many fled to centralized alternatives instead. The "decentralized" option was more expensive and less reliable than the centralized ones it was supposed to replace.

This is the lesson we should have learned: slapping a token on centralized infrastructure doesn't make it trustless. Economic incentives don't fix architectural flaws. A marketplace of operators running unverifiable infrastructure is still unverifiable at every point that matters.

The lesson we actually learned: "decentralized" is a marketing term now. The architecture stayed the same.

When Providers Disappear

Sometimes the failure isn't an outage. It's an extinction.

In October 2025, Bware Labs confirmed that Blast API, one of the most widely used RPC providers in Web3, was shutting down, reportedly ahead of an acquisition by Alchemy. Developers who had built on Blast API had to scramble to migrate their infrastructure on short notice.

This should have been a wake-up call about vendor dependency. Instead, most developers just migrated to another centralized provider and moved on.

The lesson we should have learned: your application's availability is only as stable as your provider's business model. Centralized providers can be acquired, can pivot, can shut down, can change terms of service. Building on them means inheriting that fragility. Sovereignty over your data infrastructure isn't optional if you want your application to outlive your vendor's business decisions.

The lesson we actually learned: nothing. The migration playbook got a little better. The dependency didn't change.

Censorship as a Feature

Outages are one failure mode. Censorship is another.

In August 2022, following OFAC sanctions on Tornado Cash, Infura and Alchemy blocked addresses associated with the protocol. Aave, Uniswap, Balancer, and dYdX front-ends blocked associated addresses. Circle froze 75,000 USDC in a Tornado Cash wallet.

The blockchain didn't censor anyone. The read layer did.

This isn't an argument about Tornado Cash specifically. It's an observation about capability. Centralized RPC providers demonstrated that they can restrict access based on regulatory pressure. They can decide which addresses get service and which don't. They can implement geographic blocking, which they did for users in sanctioned countries trying to access MetaMask and OpenSea.

The permissionless blockchain became permissioned at the API layer.

The lesson we should have learned: if your read layer can censor, your application can be censored, regardless of how the underlying blockchain works.

The lesson we actually learned: some users need VPNs now. The architecture stayed the same.

The Concentration We Keep Ignoring

These failures aren't random. They're structural, consequences of how concentrated the read layer has become.

Infura and Alchemy together handle an estimated 90% of Web3 RPC traffic. Two companies. Ninety percent. The consensus layer works without trusting anyone. The read layer requires trusting two companies to stay online, serve accurate data, and not decide your address doesn't deserve service.

Everyone knows these numbers. They get cited in conference talks and Twitter threads after every major outage. Then everyone goes back to building on the same infrastructure because it's convenient and the alternatives seem hard.

This isn't trustless infrastructure. It's a hierarchy of single points of failure, each one capable of taking down everything above it. And we've decided to live with it, even though it means our "trustless" applications require trusting two companies to stay online and serve accurate data.

What Would It Take?

Serious question: what would it actually take for the industry to change course?

October 2025 took down most of Web3 for 15 hours. Billions in impact. It wasn't enough.

Would a 48-hour outage do it? A week? Would it take a major protocol getting exploited because oracle data was stale during an outage? Would it take a regulatory action that forces RPC providers to block entire categories of transactions?

At what point does "build workarounds and hope for the best" stop being an acceptable strategy?

The blockchain kept producing blocks through every single one of these failures. The infrastructure for a resilient read layer exists. Validators already process every transaction. They already maintain state. They're already geographically distributed across different operators and jurisdictions. The components are there. We're just not using them.

A read layer built on validators, distributing data through peer-to-peer networks, wouldn't require trusting any single provider. Data would be verifiable through cryptographic proofs. Access would be permissionless. Applications could maintain sovereignty over their own infrastructure. No single points of failure at the cloud layer. No censorship capability at the API layer.

The next AWS outage is coming. The next Infura incident is coming. The next "decentralized" indexer disruption is coming. The question isn't whether the read layer will fail again. It will.

The question is whether we'll still be making excuses for it.

Shinzo is building read layer infrastructure designed for resilience. Validator-native indexing. Peer-to-peer distribution. No single points of failure.

Come build with us: X · Telegram · Discord · GitHub