The Invisible Internet Project (I2P), a decentralized encrypted communications network designed to provide anonymous online interactions, has experienced significant disruptions this week following a massive influx of compromised devices. The culprit appears to be Kimwolf, a sprawling IoT botnet that has infected millions of poorly secured devices worldwide, including streaming boxes, digital picture frames, and routers.
The disruptions began February 3 when I2P users reported tens of thousands of new routers overwhelming the network, rendering it nearly unusable. Users documented connection failures and extreme latency issues, with some reporting their systems freezing once connections exceeded 60,000 devices. The sudden surge prevented legitimate users from communicating across the network's nodes, effectively crippling core functionality.
Kimwolf, which emerged in late 2025, represents a significant threat in the botnet landscape, primarily known for orchestrating massive distributed denial-of-service attacks. However, the I2P disruption reveals a different attack vector: a Sybil attack. This technique involves a single entity creating and controlling numerous fake identities to overwhelm a peer-to-peer network's infrastructure.
The incident unfolded when Kimwolf operators, seeking to evade takedown attempts against their control servers, tried to join 700,000 infected bots to the I2P network as nodes. In a Discord message, the botnet operators acknowledged the disruption was accidental, a miscalculation in their campaign to exploit I2P's infrastructure. This massive influx dwarfed the network's typical size: I2P normally operates with approximately 15,000 to 20,000 active devices daily, according to cybersecurity experts familiar with the network.
The attack underscores vulnerabilities in decentralized networks when facing coordinated threats of this scale. As IoT botnets continue growing in sophistication and size, privacy-focused infrastructure faces mounting challenges in distinguishing legitimate users from malicious actors attempting to exploit their systems.