For the previous week, the huge \u201cWeb of Issues\u201d (IoT) botnet often known as Kimwolf<\/strong> has been disrupting The Invisible Web Venture<\/strong> (I2P), a decentralized, encrypted communications community designed to anonymize and safe on-line communications. I2P customers began reporting disruptions within the community across the identical time the Kimwolf botmasters started counting on it to evade takedown makes an attempt in opposition to the botnet\u2019s management servers.<\/p>\n Kimwolf is a botnet that surfaced in late 2025 and rapidly contaminated thousands and thousands of techniques, turning poorly secured IoT units like TV streaming packing containers, digital image frames and routers into relays for malicious site visitors and abnormally massive<\/a> distributed denial-of-service (DDoS) assaults.<\/p>\n I2P is a decentralized, privacy-focused community that enables folks to speak and share data anonymously.<\/p>\n \u201cIt really works by routing information by way of a number of encrypted layers throughout volunteer-operated nodes, hiding each the sender\u2019s and receiver\u2019s areas,\u201d the I2P web site explains<\/a>. \u201cThe result’s a safe, censorship-resistant community designed for personal web sites, messaging, and information sharing.\u201d<\/p>\n On February 3, I2P customers started complaining on the group\u2019s GitHub web page<\/a> about tens of hundreds of routers abruptly overwhelming the community, stopping present customers from speaking with reliable nodes. Customers reported a quickly growing variety of new routers becoming a member of the community that had been unable to transmit information, and that the mass inflow of recent techniques had overwhelmed the community to the purpose the place customers might now not join.<\/p>\n I2P customers complaining about service disruptions from a quickly growing variety of routers abruptly swamping the community.<\/p>\n<\/div>\n When one I2P consumer requested whether or not the community was beneath assault, one other consumer replied, \u201cSeems prefer it. My bodily router freezes when the variety of connections exceeds 60,000.\u201d<\/p>\n A graph shared by I2P builders exhibiting a marked drop in profitable connections on the I2P community across the time the Kimwolf botnet began making an attempt to make use of the community for fallback communications.<\/p>\n<\/div>\n The identical day that I2P customers started noticing the outages, the people in charge of Kimwolf<\/a> posted to their Discord channel that that they had by accident disrupted I2P after trying to affix 700,000 Kimwolf-infected bots as nodes on the community.<\/p>\n The Kimwolf botmaster brazenly discusses what they’re doing with the botnet in a Discord channel with my title on it.<\/p>\n<\/div>\n Though Kimwolf is called a potent weapon for launching DDoS assaults, the outages brought about this week by some portion of the botnet trying to affix I2P are what\u2019s often known as a \u201cSybil assault<\/a>,\u201d a risk in peer-to-peer networks the place a single entity can disrupt the system by creating, controlling, and working a lot of faux, pseudonymous identities.<\/p>\n Certainly, the variety of Kimwolf-infected routers that attempted to affix I2P this previous week was many occasions the community\u2019s regular measurement. I2P\u2019s Wikipedia web page<\/a> says the community consists of roughly 55,000 computer systems distributed all through the world, with every participant appearing as each a router (to relay site visitors) and a consumer.<\/p>\n Nevertheless, Lance James<\/strong>, founding father of the New York Metropolis primarily based cybersecurity consultancy Unit 221B<\/a> and the unique founding father of I2P, instructed KrebsOnSecurity the complete I2P community now consists of between 15,000 and 20,000 units on any given day.<\/p>\n An I2P consumer posted this graph on Feb. 10, exhibiting tens of hundreds of routers \u2014 largely from america \u2014 abruptly trying to affix the community.<\/p>\n<\/div>\n Benjamin Brundage<\/strong> is founding father of Synthient<\/a>, a startup that tracks proxy providers and was the primary to doc Kimwolf\u2019s distinctive spreading strategies<\/a>. Brundage stated the Kimwolf operator(s) have been making an attempt to construct a command and management community that may\u2019t simply be taken down by safety corporations and community operators which can be working collectively to fight the unfold of the botnet.<\/p>\n Brundage stated the folks in charge of Kimwolf have been experimenting with utilizing I2P and the same anonymity community \u2014 Tor<\/a> \u2014 as a backup command and management community, though there have been no reviews of widespread disruptions within the Tor community lately.<\/p>\n \u201cI don\u2019t suppose their objective is to take I2P down,\u201d he stated. \u201cIt\u2019s extra they\u2019re on the lookout for a substitute for hold the botnet secure within the face of takedown makes an attempt.\u201d<\/p>\n![\"\"](\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/02\/i2p-github.png\")
<\/p>\n![\"\"](\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/02\/i2pconnections.png\")
<\/p>\n![\"\"](\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/02\/dort-killedi2p.png\")
<\/p>\n![\"\"](\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/02\/i2p-gh-graph.png\")
<\/p>\n