What Happens If Alipay’s Servers Are Bombed? Inside Data Center Redundancy
The article explains how financial platforms like Alipay protect user funds through multi‑site data centers, hot and cold backups, power redundancy, fire‑suppression systems, and strict location standards, showing why destroying a single server would not erase all stored money.
Yesterday a question appeared on Zhihu: "If someone physically blew up Alipay’s storage servers, would all users lose their money?" The discussion explores how modern financial services are architected to survive such catastrophic events.
Websites run on physical servers, but even if a data center were destroyed by a nuclear weapon, the data would not simply disappear.
Financial systems typically employ a "two‑site three‑center" model: two data centers in the same city operating in active‑active (hot) mode, plus a third site for disaster recovery. If one center is destroyed, the other continues serving users without interruption.
Hot backup (active‑active) means both sites process traffic simultaneously, so losing one has almost no impact. Warm backup (hot standby) allows traffic to be switched to the second site quickly. Cold backup consists of periodic offline copies; if the primary sites fail, recovery may take hours and some recent transactions could be lost.
Even if all Alipay data centers were compromised, the platform’s transaction data is also stored by partner banks and settlement systems, providing another layer of recoverability, though full restoration may not be guaranteed.
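The recovery path described above (restore the last cold backup, then fill the gap from partner-bank and settlement records), as an added Python example that is not part of the original article. The ledger, timestamps, and all names (`Txn`, `snapshot_at`, `recover`, `lost_after`) are constructed for illustration; the one balance-only entry shows why full restoration is not guaranteed.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Txn:
    txn_id: str
    ts: int           # seconds on a constructed clock
    account: str
    amount: Decimal   # positive = credit, negative = debit
    via_bank: bool    # True if a partner bank also holds a record of it

# Constructed sample ledger (hypothetical data, not real Alipay records).
LEDGER = [
    Txn("t1", 900, "alice", Decimal("100"), True),
    Txn("t2", 950, "bob", Decimal("50"), True),
    Txn("t3", 1010, "alice", Decimal("-30"), True),
    Txn("t4", 1020, "bob", Decimal("-5"), False),  # paid from in-app balance only
    Txn("t5", 1030, "bob", Decimal("70"), True),
]

def post(balances, txn):
    balances[txn.account] = balances.get(txn.account, Decimal("0")) + txn.amount

def snapshot_at(ledger, ts):
    """Cold backup: balances and txn ids as of the last offline copy."""
    balances, ids = {}, set()
    for txn in ledger:
        if txn.ts <= ts:
            post(balances, txn)
            ids.add(txn.txn_id)
    return balances, ids

def recover(snap_balances, snap_ids, bank_records):
    """Restore the snapshot, then replay bank records it does not contain."""
    balances, seen, replayed = dict(snap_balances), set(snap_ids), []
    for rec in sorted(bank_records, key=lambda r: (r.ts, r.txn_id)):
        if rec.txn_id in seen:   # already in the backup, or a duplicate record
            continue
        seen.add(rec.txn_id)
        post(balances, rec)
        replayed.append(rec.txn_id)
    return balances, replayed

def lost_after(ledger, snap_ids, replayed):
    """Transactions neither in the backup nor recoverable from bank records."""
    known = set(snap_ids) | set(replayed)
    return [t.txn_id for t in ledger if t.txn_id not in known]

if __name__ == "__main__":
    snap_bal, snap_ids = snapshot_at(LEDGER, 1000)
    bank = [t for t in LEDGER if t.via_bank] + [LEDGER[4]]  # includes a duplicate
    balances, replayed = recover(snap_bal, snap_ids, bank)
    print(balances, replayed, lost_after(LEDGER, snap_ids, replayed))
```

With the backup taken at `ts=1000`, the replay restores `t3` and `t5`, but `t4` never reached a bank, so bob's recovered balance is 120 instead of the true 115.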
Data center classifications vary:
International T‑levels (T1‑T4, with T4 highest).
China GB50174‑2008 defines A, B, C grades (A highest) for electronic information system rooms.
Carrier‑specific star ratings (1‑5 stars, 5 highest).
Financial services must operate in A‑class data centers, which meet stringent power, cooling, and security requirements.
Power redundancy is built as 2N+1: two independent power feeds plus a backup source. UPS units keep systems running for about 15 minutes, while diesel generators can sustain full load for over 12 hours, with fuel contracts ensuring rapid refueling.
Fire suppression uses clean agents such as heptafluoropropane (HFC‑227ea), which are colorless, odorless, low‑toxicity gases that extinguish flames without damaging equipment.
Physical location rules prohibit data centers near railways, airports, chemical plants, or other high‑risk sites, and require flood‑ and earthquake‑resistant construction.
Python Programming Learning Circle