How Vocdoni and Society22 secured the 2026 Coordination Council of Belarus election
Belarus’ 2026 Coordination Council election faced 24 billion malicious requests and 68TB of attack traffic. Despite sustained cyberattacks, Vocdoni and Society22 kept the election online, verifiable, and censorship-resistant, enabling 2,113 participants to vote securely.
In May 2026, Belarusian democratic forces held an election that could not safely happen in polling stations. Their electorate was spread across borders, many participants were operating under political pressure or in exile, and the vote itself became the target of a sustained attack campaign.
From 11 to 19 May, 2,113 participants voted online in the election to renew the Coordination Council of Belarus, a representative body connected to Belarusian democratic forces, civil society, and diaspora communities. For the second time, following the 2024 election, Vocdoni provided the end-to-end verifiable and censorship-resistant voting infrastructure that made secure online participation possible, while Society22, a civic initiative and digital platform serving Belarusian democratic and diaspora communities, operated the identity and access layer.
The election took place under exceptional pressure. The surrounding platform was attacked continuously from multiple fronts, facing roughly 24 billion requests and around 68TB of attack traffic during the election period, including sophisticated traffic patterns designed to resemble normal human activity. Despite this, Vocdoni’s voting infrastructure recorded 99.45% uptime, while the broader Society22 platform reported 95.2% uptime. More importantly, the ballots cast through Vocdoni remained independently verifiable. This was not an isolated event, across 2025, Cloudflare reported mitigating 47.1 million DDoS attacks, a 121% increase year over year.
This case shows why verifiable and censorship-resistant participation infrastructure matters, especially in high-risk political environments. A serious digital election must protect ballot integrity, voter privacy, and public verifiability, even when the surrounding platform is under attack.
Key Takeaways
- Vocdoni ran the voting infrastructure for the 2026 Coordination Council of Belarus election, its second time supporting this body after the 2024 vote.
- Voting ran 11 to 19 May 2026, extended from an original 11 to 17 window to keep access open while attacks were being mitigated. 2,113 people took part.
- The platform faced sustained attacks: Society22 reported roughly 24 billion DDoS requests and 68TB of traffic engineered to look human.
- Vocdoni's mitigation combined country and ASN-level filtering, strict API rate limits and caching, keeping voting infrastructure uptime at 99.45%.
- Availability and integrity are different properties. The attacks targeted availability. End-to-end verifiable voting protects integrity, and a serious system needs both.
What the Coordination Council of Belarus is
The Coordination Council of Belarus is a representative and coordinating body, connected to Belarusian democratic forces, civil society actors and diaspora communities. It emerged in 2020, after a disputed presidential election and the political crisis that followed.
The Council operates through a proportional electoral system with elections held at least every two years, and today works across multiple countries as many of its members and participants operate in exile or outside Belarus.
That last point matters for everything that follows. A large share of Belarusian civic and political life now happens transnationally. The Council is, in part, a mechanism for keeping representation and coordination intact across borders when the people involved cannot do political life without repression or in the same jurisdiction.
Why these elections happen online
The Council's elections renew its membership. Eligible Belarusian participants choose among candidates and electoral lists seeking representation. The vote is online because the electorate is distributed both inside and outside Belarus, while political repression and security risks make in-person voting inside the country impossible for many participants.
In this context, online voting is not a matter of convenience. It is the only practical way for these alternative democratic forces to organize elections and maintain representative participation across borders.
That did not mean that any online voting system would be sufficient. The election required infrastructure capable of protecting voter privacy, preserving the integrity and verifiability of the result, and remaining resilient against censorship, disruption and targeted attacks.
The 2026 vote was the second time Vocdoni provided this infrastructure. The first Coordination Council online election, in 2024, established the model. The 2026 process repeated it under harder conditions.
Society22 and the identity layer
Authentication ran through Society22, which provided a self-sovereign identity (SSI) system. This let participants authenticate through an alternative digital identity framework rather than depending entirely on state-issued identity infrastructure.
That separation is the point worth keeping. A well-built voting architecture keeps several functions distinct: identity verification, eligibility validation, ballot casting, ballot secrecy and tally. Collapsing them into one trust assumption creates systemic risk.
Here, Society22 handled the identity and access layer, while Vocdoni's voting layer kept its own verifiability and integrity guarantees. Authenticated voters could take part without the identity system and the voting system having to trust each other blindly.
Election overview
The core figures, as reported by Vocdoni and Society22:
| Metric | Figure |
|---|---|
| Voting period | 11 to 19 May 2026 (extended from 11 to 17) |
| Participants | 2,113 |
| Authentication | Society22 SSI identity system |
| Voting infrastructure | Vocdoni |
| Vocdoni voting infrastructure uptime | 99.45% |
| Society22 platform uptime | 95.2% |
| Reported DDoS volume | ~24 billion requests |
| Reported attack traffic | ~68TB |
| April pre-election attack sample | 12 billion+ requests |
Two details deserve a note. First, the voting window was extended. The vote was originally scheduled to close on 17 May and was extended to 19 May to absorb the disruption from the attacks and keep access open for legitimate voters. The extension was an operational decision in favor of participation.
Second, the two uptime figures describe different things. The 99.45% figure refers to the Vocdoni voting infrastructure. The 95.2% figure refers to the broader Society22 platform environment. They are not the same scope, and they should not be read as one number. A fuller report will set out the measurement methodology and the affected components behind each.
Operating under attack
According to Society22, the platform faced distributed denial-of-service activity amounting to roughly 24 billion requests and around 68TB of traffic. A separate attack sample from April, targeting an informational campaign website, reportedly generated more than 12 billion requests on its own. That April activity is worth reading as an early signal: the wider ecosystem was being probed before the vote itself opened
The hardest part was the character of the traffic, not just its volume. Society22 reported that a large share of the attack traffic was classified as human-like and passed through default AWS and Cloudflare protections. This does not mean those protections were ineffective. It means the traffic was engineered to resemble ordinary user behavior, which is exactly the pattern generic defenses are weakest against.
A note on the term: "human-like" describes a classification, a behavior pattern, not confirmed human users. It is the difference between an obvious bot flood and traffic deliberately shaped to look legitimate.
This AWS Cloudflare graphic from the campaign promo website illustrates the problem. Mobile-classified traffic reached roughly 9.39 billion requests and desktop-classified traffic roughly 1.88 billion, while traffic categorized as bot or crawler was a tiny fraction of the sample. The operational challenge was not to block obvious malicious traffic. It was to keep access open for real voters while filtering or absorbing traffic built to look real.
Society22 also reported persistent attempts across the full voting period to reach servers. Because the activity continued without pause, day and night, Society22 assessed that it was likely coordinated by a dedicated team. The attempts did not succeed in compromising the servers.
How the voting infrastructure held: Vocdoni's mitigation
Vocdoni’s voting system is designed from the outset for adversarial environments where censorship, coordinated disruption, and large-scale attacks are expected operational risks. Its decentralized architecture reduces single points of failure, preserves verifiability under pressure, and helps maintain election availability even in hostile conditions. During the 2026 Belarus election, however, this built-in resilience was reinforced with a broader operational defense strategy that combined network-level filtering, rate limiting, caching and horizontal scaling. The objective throughout was clear: keep the platform accessible for legitimate voters while continuously adapting defenses against malicious traffic deliberately engineered to resemble normal user behavior.
Country and ASN-level blocking
Connections were blocked by country and by Autonomous System Number (ASN) where the team had high confidence that no legitimate voters were expected. This reduced the attack surface without cutting off eligible participants of other active election processes based on the requirements set by election organizers.
Strict API rate limits
Strict rate limits per route were applied to the APIs in the CDN layer. This contained high-volume request floods and reduced the risk of backend exhaustion. Rate limiting mattered most here because part of the attack traffic resembled ordinary user activity, so volume controls had to do work that pattern-matching alone could not.
Caching wherever possible
Caching was applied wherever feasible, so that requests would not always reach the final backend servers. This absorbed repetitive load before it hit sensitive infrastructure and preserved server capacity for the actions that mattered most: casting and recording votes.
Horizontal scaling and service isolation
API capacity was scaled horizontally during the election, with new servers added as request volumes climbed. The same distributed design isolated the Coordination Council deployment from the rest of Vocdoni's hosted elections: other organizations running votes on the platform during the same period were not exposed to the attack load. Adding capacity where it was needed and containing pressure where it was directed were both built-in properties of the architecture.
Hardening the wider perimeter
The attack surface was never just the decentralized ballot system. Society22 reported that a Google Storage Bucket component faced multi-terabyte traffic drain attempts. Static assets, storage, informational sites, APIs, identity endpoints and verification interfaces are all part of an election's real perimeter, and all of them need hardening.
If your organization is weighing what a voting provider should be ready for, the requirements that matter for politically sensitive elections are a useful place to start.
Availability and integrity: why both mattered
The attacks during the election targeted availability: preventing voters from reaching the platform and casting ballots through sustained denial-of-service activity. They did not target — and could not have compromised through network pressure alone — the cryptographic guarantees that determine how ballots are recorded and counted. Keeping a voting system online is the visible part of the problem
Integrity is the property that ensures every valid vote is recorded, included and counted correctly, without manipulation after the fact. Availability and integrity address different risks, and a serious election system has to deliver both. Infrastructure availability keeps participation open during the voting window; end-to-end verifiable voting protects the correctness of the final result by letting voters and observers confirm the outcome independently, without relying on a central operator's report.
For the Coordination Council, this distinction is not abstract. The legitimacy of the process itself is what is at stake. Keeping the election online was necessary but not sufficient: the system also had to provide public, independently verifiable guarantees that the published result was correct and resistant to manipulation under adversarial conditions.
Vocdoni's architecture is built to deliver both. Four properties were directly relevant to this election.
- Independent verifiability. Voters and observers can confirm that votes were included and counted correctly, without anyone learning how a given person voted. The result is a public, checkable record rather than a provider's report. You can see this in practice on the public election explorer.
- Transparency and auditability. The process produces records that third parties can inspect, which reduces dependence on opaque intermediaries and makes it easier for international observers and independent auditors to review the integrity of the entire process.
- Censorship resistance. Vocdoni is designed for adversarial and high-risk democratic scenarios where participation may be disrupted, blocked or politically contested. Its architecture uses decentralized and distributed components to avoid single points of failure and keep the voting process reachable, resilient and independently verifiable under pressure.
- Separation of trust layers. Identity, eligibility, ballot casting, ballot secrecy and result verification are treated as distinct layers. That reduces systemic risk and makes the whole process easier to audit. Vocdoni's move from a blockchain-based design to a cryptographic-proof foundation is driven by exactly this goal: making verifiability hold without a single point of trust.
Conclusion
The 2026 Coordination Council of Belarus election is a concrete example of digital democratic infrastructure operating under adversarial conditions. The vote ran online from 11 to 19 May 2026, 2,113 people took part, and the process stayed available and verifiable through a sustained attack campaign engineered to evade default protections.
The takeaways are straightforward. This was not a normal deployment. The attacks were continuous and built to look like legitimate network requests, default cloud protections were not enough on their own, and the response combined filtering, rate limits and caching to keep voting infrastructure uptime at 99.45%. Above all, availability and integrity are complementary requirements, and a serious system has to address both.
A fuller technical report will follow. In the meantime, the case shows what censorship-resistant voting infrastructure is actually for: not low-risk polls, but the environments where transparent, independently verifiable collective decision-making matters most.
To see how end-to-end verifiable voting works in practice, explore Vocdoni's technology or inspect any election on the public explorer. Vocdoni makes high-assurance, independently verifiable digital voting accessible to organizations of any size, from local associations to large-scale democratic processes. Try it yourself through the Vocdoni app.