Kimwolf Botnet Swamps I2P Anonymity Network in Massive Sybil Attack

The massive Kimwolf IoT botnet has caused significant disruptions to The Invisible Internet Project (I2P), a decentralized privacy network, after botnet operators accidentally overwhelmed the system while attempting to use it for command-and-control evasion.

The Attack

According to Krebs on Security, I2P users began reporting severe network disruptions on February 3, 2026, when tens of thousands of routers suddenly overwhelmed the network. Users complained on the I2P GitHub page about new routers flooding the network faster than legitimate nodes could handle.

One user reported their physical router froze when connections exceeded 60,000—a clear sign of an unprecedented attack on the network infrastructure.

What is Kimwolf?

Kimwolf is a botnet that emerged in late 2025 and rapidly infected millions of poorly secured IoT devices, including:

  • TV streaming boxes
  • Digital picture frames
  • Consumer routers

The botnet has been used for massive distributed denial-of-service (DDoS) attacks and as a relay network for malicious traffic. It has previously been linked to record-breaking DDoS attacks targeting U.S. ISPs.

Accidental Disruption

In a surprising twist, the Kimwolf operators openly admitted on their Discord channel that they had accidentally disrupted I2P while attempting to join approximately 700,000 infected bots as nodes on the network. Their goal was to use I2P’s anonymity features to evade takedown attempts against the botnet’s command-and-control infrastructure.

This type of attack is classified as a Sybil attack—a threat in peer-to-peer networks where a single entity disrupts the system by creating and controlling a massive number of fake identities (nodes).

What is I2P?

The Invisible Internet Project (I2P) is a decentralized, privacy-focused network designed for anonymous communication. It routes data through multiple encrypted layers across volunteer-operated nodes, hiding both sender and receiver locations to create a censorship-resistant network for private websites, messaging, and data sharing.

Security Implications

This incident highlights several critical concerns:

  • Botnets seeking anonymity: Threat actors are increasingly attempting to use privacy networks to hide their infrastructure
  • Collateral damage: Even accidental misuse can cripple privacy infrastructure used by legitimate users
  • IoT security crisis: Millions of poorly secured devices continue to be weaponized for malicious purposes
  • Network resilience: Decentralized networks may struggle to handle sudden floods of malicious nodes

Recommendations

Organizations and individuals should:

  • Audit and secure IoT devices on their networks
  • Change default credentials on all network-connected devices
  • Implement network segmentation for IoT devices
  • Monitor for unusual outbound traffic patterns that could indicate botnet activity
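The last recommendation can be turned into a simple fan-out check: a device enrolled as a peer-to-peer node contacts far more distinct external hosts than an IoT device normally would. The sketch below is an added example, not code from the article or its source. The flow-record format, subnets, threshold and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this example: adjust to your own addressing and baseline.
IOT_NET = ip_network("10.20.0.0/24")    # hypothetical IoT segment
INTERNAL = ip_network("10.0.0.0/8")     # hypothetical internal address space
WINDOW_SECONDS = 300
MAX_DISTINCT_PEERS = 50                 # illustrative threshold

def build_sample_flows():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    flows = []
    # Picture frame polling one cloud endpoint: normal behaviour.
    for i in range(20):
        flows.append((1000 + i * 10, "10.20.0.5", "203.0.113.10", 443))
    # TV box reaching 200 distinct external peers on varied ports in ~3 minutes.
    for i in range(200):
        flows.append((1000 + i, "10.20.0.9", f"198.51.100.{i + 1}", 10000 + i))
    # Workstation outside the IoT segment: out of scope for this check.
    for i in range(100):
        flows.append((1000 + i, "10.10.0.7", f"192.0.2.{i + 1}", 443))
    return flows

def find_fanout_anomalies(flows, limit=MAX_DISTINCT_PEERS, window=WINDOW_SECONDS):
    """Return {(src_ip, window_start): distinct_peer_count} above the limit."""
    peers = defaultdict(set)
    for ts, src, dst, _port in flows:
        if ip_address(src) not in IOT_NET:
            continue                      # only devices in the IoT segment
        if ip_address(dst) in INTERNAL:
            continue                      # only outbound (external) peers
        peers[(src, ts - ts % window)].add(dst)
    return {key: len(dsts) for key, dsts in peers.items() if len(dsts) > limit}

if __name__ == "__main__":
    for (src, start), count in sorted(find_fanout_anomalies(build_sample_flows()).items()):
        print(f"{src} contacted {count} distinct external peers in window starting {start}")
```

In practice the records would come from NetFlow/IPFIX or firewall logs, and the threshold would be set from each device class's observed baseline.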

This incident serves as a stark reminder that the security of our collective digital infrastructure depends on the security of every connected device.

Source: Krebs on Security
