KIMWOLF , a massive IoT botnet, has been disrupting The Invisible Internet Project (I2P), a decentralised network intended to anonymise online communications. On 3 February, I2P users reported tens of thousands of routers overwhelmed the network as many new, non-transmitting routers joined, spiking disruption across legitimate nodes. The Kimwolf operators subsequently posted to Discord that they had accidentally disrupted I2P after attempting to recruit 700,000 Kimwolf-infected bots as nodes.
According to the I2P website, the network routes data through multiple encrypted layers across volunteer-operated nodes to hide sender and receiver locations. The botnet’s activities also triggered a broader discussion of a Sybil attack, where a single entity controls large numbers of fake identities in a peer‑to‑peer network.
Benjamin Brundage said Kimwolf’s operators have been experimenting with I2P and Tor as backup command-and-control networks, while Lance James put the I2P network size at between 15,000 and 20,000 devices on any given day, far below the commonly cited figure of about 55,000. The incident underscores ongoing tensions between botnets and anonymising networks, with Brundage noting a recent drop in Kimwolf’s overall numbers after internal issues. This article is according to the I2P website.