• Kimwolf botnet infected millions of IoT devices, turning them into relays for malicious traffic. • In late 2025, the botnet began targeting I2P to hide control servers from takedowns. • I2P, a decentralized encrypted network, routes data through volunteer nodes for anonymity. • On Feb 3, users reported tens of thousands of new routers flooding I2P, blocking legitimate traffic. • Botmasters inadvertently disrupted I2P by adding 700,000 infected bots as nodes, causing connection limits. • The incident exposes how privacy networks can be overwhelmed by botnet traffic, threatening anonymity.
Article Summaries:
- Kimwolf, an IoT botnet that emerged in late 2025, has disrupted the Invisible Internet Project (I2P) by flooding the network with infected devices. Over the past week, thousands of compromised routers joined I2P, creating a Sybil attack that overwhelmed the system and reduced active nodes from roughly 55,000 to 15‑20,000. Bot operators used I2P to evade takedowns of their command‑and‑control servers, and have also experimented with Tor as a backup. The influx of fake identities has caused connection failures and prevented legitimate users from communicating, highlighting the vulnerability of anonymity networks to large‑scale botnet attacks.
Sources: