Against the background of protests related to the Belarus presidential elections, residents of the country were cut off from the Internet for several days from August 9 to 11. The authorities blamed everything on DDoS attacks by outside forces, but experts disagreed with them. The Belarusians were forced to resort to various manipulations in order to bypass the blockages and use the suddenly taken basic right to access the network.
The problems with access to the Internet in Belarus began on the eve of the presidential elections on August 9. According to analysts’ calculations, the traffic from Belarus dropped 10 times that day: from 200 GB per second to 20 GB. All websites stopped loading. Messengers, social networks, and many VPN services did not work. Even Telegram was accessible only with the help of special proxies and a blocking bypass mechanism – and even then not for everyone.
Update: Multiple internet providers in #Belarus have lost routing as polling stations start to close from 8:00 p.m; geolocated network data confirm the new disruption has nation-scale impact further limiting visibility of events 📵 #Belarus2020
— NetBlocks.org (@netblocks) August 9, 2020
On the evening of August 9, the Internet stopped working altogether. According to the official version, the reason was DDoS attacks on Beltelecom from abroad, although many experts doubt this. Full communication was restored only on 12 August.
As you know, Belarus is one of the main blockchain hubs in Eastern Europe. Thanks to advanced cryptocurrency legislation, there are many fintech startups operating here, as well as a number of regulated crypto exchanges.
Rumors of a possible Internet shutdown appeared even before the elections. Any exchange has a plan of action in case of a connection failure, which can be provoked by equipment breakdown, natural disaster, and other unforeseen events.
Such a plan involves the distribution of system elements and standby instances of the trading floor at different capacities in data centers that are independent of each other. Exchange data centers do not have to be located in the same place where the company is registered.
The ideal option is the so-called geographic redundancy, that is, the location of backups in different cities and countries. This is relevant in the in Latin America, China, and other regions, where the actions of the authorities and regulators can be unpredictable.
Thanks to the distributed and redundant infrastructure, the trading interfaces of the exchanges continued to operate normally during the shutdown. All traders outside Belarus traded calmly, not even suspecting about the crisis in Minsk.
If trade deals simply do not work, then this is not so bad. Clients start to really panic when they cannot withdraw money. We have replenished the exchange wallets for the withdrawal of funds to the maximum in advance in order to process all requests if necessary.
As a result, there was no panic wave of conclusions. Belarusian users had problems to buy crypto, but they solved them on the same day. Customers from Belarus, who created applications for the purchase of cryptocurrencies through a bank card, received their assets on the same day. International acquiring worked without any interruptions.
The crypto exchanges always have support staff based outside the country. When the Internet connection is lost, client requests are switched to them.
And so it happened at the shutdown. Although traders in Belarus had difficulty connecting with support without a VPN, all other clients received assistance as usual.
In addition, the support staff, whenever possible, personally contacted major Belarusian clients to clarify the situation and assure them that nothing threatened their funds.
At first, clients from Belarus could not understand whether the problem was on their side, or whether the exchange was hacked by hackers.
Indeed, it might seem like a country-level internet shutdown is a great opportunity for hackers to find a loophole and get into the system while everyone else is concerned. But in reality, the risk of a DDoS attack or other forms of interference in such a situation is not higher than on any other day, since the security systems are operating normally.
But the clients of the exchanges themselves need to be on the lookout at such moments: attackers can take advantage of the fact that the technical support of the exchange is not available and try to lure data from the user using email phishing.
For example, a trader may receive an email from a fake support service with a request to urgently log into an account in order to protect it. As soon as you click on the link in the letter and enter your login and password, the criminal will immediately withdraw all funds from the exchange account.
The economy of Belarus itself has gone through the Internet shutdown quite hard. The total daily losses were estimated at $ 56 million. For a small country, these are significant amounts.
On the other hand, many Belarusians have discovered what a VPN is and are ready to repeat this scenario. I am sure that many businesses have drawn the right conclusions and have already begun to prepare the reserve infrastructure.
Following these rules, crypto exchanges in Belarus moved the Internet shutdown with minimal losses. Trade outside the country continued without problems. In Belarus itself, our clients switched to VPN, and after a couple of days, the connection was restored. There were no major attacks on exchanges or a noticeable drop in revenue.
Today, a simple shutdown of the Internet cannot damage the exchange, but users in conditions of uncertainty can succumb to the tricks of phishers and other intruders.