Dwolla Is Latest Victim Of DDoS Attacks – Site & API Down For Second Day

While the media continues to debate the severity of the denial-of-service attacks taking place across the web this month, they appear to have claimed another victim: payments startup Dwolla announced today that it, too, is now experiencing a distributed denial-of-service event (DDoS attack). The attack, which is still underway, began yesterday, resulting in either limited or no availability to the company’s website, Dwolla.com.

In a brief message posted to Dwolla’s blog, the company says that the event is still ongoing, and is preventing people from viewing the site and accessing Dwolla’s service. Also affected are third-party developers, who are using the company’s APIs to integrate Dwolla’s payment technologies into their own sites and services.

These developers were notified today, and Dwolla says that it’s working with service providers to resolve the issue.


Responding in the comments section of the post, the company told concerned users and developers that the consumer-facing API is unavailable at present, but as far as the company knows right now, actual fraud is not involved – that is, there’s no risk to users’ money, nor will this have affected transactions that took place before the attacks began.

“Funds are fine, and we do have our fraud team actively monitoring the entire situation,” wrote a Dwolla company representative, addressing a commenter’s complaint.

The company says that the attack is actually affecting its hosting provider, and they’re unsure at this time if it’s related to the SpamHaus situation.

One of the service providers that Dwolla is working with is CloudFlare, the Internet security firm that’s stepped in to protect a number of companies in the wake of these recent attacks. (You can see a CloudFlare message appear upon visiting the Dwolla.com domain at present).

The New York Times quoted CloudFlare CEO Matthew Prince this week, who equated the DDoS attacks to the Internet’s version of a “nuclear bomb.” Gizmodo later followed up on this report and another from the BBC, downplaying the scale of the attacks – they’re not affecting the entire Internet, Gizmodo claims.

Full text of the Dwolla.com blog post below, in case you’re unable to pull it up yourself (or choose not to, out of kindness):

Dwolla.com updates 

Yesterday afternoon, Dwolla’s service providers became the victim of a distributed denial of service event, resulting in limited or no availability to the website, Dwolla.com.

This advanced event, still persists today, and is preventing people from viewing the website and consequently accessing its services. We apologize for this inconvenience and are working hard with our service providers to resolve the issue.

In the meantime, we will continue to update this post with more details.

(UPDATE 1:50pm CT: Third-party developers have been formally notified of the service interruption. Our team continues to work closely with service providers.)

UPDATE,  3/28/13 7:40 pm ET:  Dwolla’s web app is back online. Mobile and API are being tested. More to come.

UPDATE #2, 3/29/13, 1:30 pm ET: Dwolla’s API and mobile are functioning now.