UrsaClimb Logo

A Botnet Accidentally Destroyed I2P (The Full Story)

Hacker News
February 22, 2026
AI-Generated Deep Dive Summary
On February 3, 2026, the I2P anonymity network faced one of its most severe challenges when it was overwhelmed by a Sybil attack involving 700,000 hostile nodes. This overwhelming force, which dwarfed the network's typical size of 15,000 to 20,000 active devices, was later traced back to the Kimwolf botnet—an IoT operation that infected millions of devices, including streaming boxes and routers. The attack, initially mistaken for a state-sponsored campaign due to its annual occurrence in February (with previous attacks in 2023 and 2024), turned out to be accidental. The botnet operators had intended to use I2P as a backup command-and-control infrastructure after losing over 550 of their primary servers to security researchers. The incident highlighted the vulnerabilities of anonymity networks like I2P, which rely on decentralized systems to protect user privacy. Sybil attacks, where malicious actors flood the network with fake identities to disrupt operations, pose significant threats to such networks. The sheer scale of the attack—39 times larger than I2P's normal capacity—cried havoc, overwhelming the network and rendering it ineffective for several days. In response, the I2P development team swiftly released version 2.11.0 just six days after the attack began. This update introduced hybrid ML-KEM plus X25519 post-quantum encryption by default, positioning I2P as one of the first anonymity networks to adopt advanced quantum-resistant technologies. Additionally, the update included Sybil mitigations (SAMv3), API upgrades, and infrastructure improvements to enhance overall network resilience. The incident underscores the critical importance of robust security measures in maintaining privacy-preserving networks like I2P. While the attack was accidental, it serves as a stark reminder of the potential dangers posed by large-scale botnet operations and the need for continuous innovation in defending against
Verticals
techstartups
Originally published on Hacker News on 2/22/2026