Article
Incident update: Mitigating a DDoS attack on April 21, 2025
On April 21, 2025, Adyen experienced a Distributed-Denial-of-Service (DDoS) attack that impacted the availability of several of our (payment) services hosted in the European region. This resulted in degradation of our platform’s performance, impacting some of our customers.
On April 21, 2025, Adyen experienced a Distributed-Denial-of-Service (DDoS) attack that impacted the availability of several of our (payment) services hosted in the European region. This resulted in degradation of our platform’s performance, impacting some of our customers.
Reliability is a cornerstone of our business, both for our customers and within our own operations. We take this responsibility seriously, and we deeply regret the disruption this may have caused to your business. Transparency is key, especially when things go wrong. This update outlines what happened, what we’ve done so far, and the actions we are taking to prevent it from happening in the future.
What happened?
At 18:51 CEST on April 21, 2025, our monitoring systems detected elevated error rates and latency across multiple payment services hosted in the European region. Our engineering teams immediately began investigating and quickly identified a DDoS attack targeting services across our European datacenters.
The attack unfolded in three distinct waves, each with a unique pattern that required continuous adjustments to our mitigation strategies. As one wave was mitigated, a new wave with a different signature emerged. At peak, the attack generated millions of requests per minute, originating from a globally distributed and constantly shifting set of IP addresses. This caused saturation of key infrastructure components which resulted in intermittent availability of some of our services.
What was impacted
The DDoS attack specifically targeted services within our European datacenters, which support our transaction processing services and customer-facing applications. As a result, it caused intermittent outages and degraded performance across the EU region, with the main impact for Ecommerce and In-Person Payment Transaction processing occurring between 18:51 CEST and 19:35 CEST. During this time window, our Customer Area, Hosted Onboarding, and Transfer API services were also degraded. As a result of our deliberate mitigations, checkout services such as Session Integrations, Secured Fields, and Pay by Link, remained impacted throughout the entire incident. These issues led to failed or delayed transactions for some customers during the affected timeframes.
What did we do?
Our teams activated mitigation strategies immediately upon detecting the attack. This included enabling anti-DDoS protections, scaling internal defenses, offloading traffic away from affected services, and deploying targeted filtering rules to block malicious traffic. We actively blocked the most aggressive sources of traffic coming from a very wide range of IP addresses. Our actions helped restore services after each wave of attack, though some services continued to experience degraded performance for some time. Once mitigated, our engineering teams worked to ensure all customer facing systems were operating normally, while our platform operations teams kept customers informed throughout the incident with timely updates on impact and resolution progress.
The incident was marked as resolved by 03:20 CEST on April 22, 2025.
What’s next?
We’re continuing to monitor and mitigate further attack attempts. A detailed post-incident review, including root cause analysis and long term prevention measures, will be made available to our customers. We understand how important our platform is to your business, and ensuring the resilience of our platform against future attacks is our ongoing focus.
Thank you for your patience and partnership.
Tom Adams, CTO