Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers.

Kimwolf, a botnet that surfaced in late 2025, quickly infected millions of systems, turning poorly secured IoT devices like TV streaming boxes, digital picture frames, and routers into relays for malicious traffic and abnormally large distributed denial-of-service (DDoS) attacks. The botnet's control servers, which are typically targeted by cybersecurity groups aiming to shut down malicious activities, have been using I2P to avoid detection and takedown attempts.

I2P is a decentralized, privacy-focused network that allows people to communicate and share information anonymously. It works by routing data through multiple encrypted layers across volunteer-operated nodes, hiding both the sender's and receiver's locations. The result is a secure, censorship-resistant network designed for private websites, messaging, and data sharing.

On February 3, I2P users began complaining on the organization's GitHub page about tens of thousands of routers suddenly overwhelming the network, preventing existing users from communicating with legitimate nodes. Users reported a rapidly increasing number of new routers joining the network that were unable to transmit data, and that the mass influx of new systems had overwhelmed the network to the point where users could no longer connect.

I2P users shared their experiences on the platform, with one user asking whether the network was under attack. Another user replied, "Looks like it. My physical router freezes when the number of connections exceeds 60,000." A graph shared by I2P developers showed a marked drop in successful connections, indicating the severity of the disruption.

The sudden surge in Kimwolf-controlled devices using I2P as a means to evade takedown attempts has put immense pressure on the network's infrastructure. As the botnet's control servers rely on I2P for communication, the influx of malicious traffic has led to a cascade effect, making it difficult for legitimate users to access the network.

Cybersecurity experts have expressed concern over the impact of such botnet activities on decentralized networks like I2P. They argue that while I2P was designed to protect user privacy, it is not equipped to handle the scale of traffic generated by a botnet like Kimwolf. Some experts have called for improved monitoring and filtering mechanisms to prevent such disruptions in the future.

In response to the situation, I2P developers have been working to stabilize the network and mitigate the effects of the botnet's attack. They have implemented measures to detect and limit the number of connections from suspicious devices, as well as to prioritize legitimate traffic. However, the long-term consequences of this event on the network's reliability and user trust remain to be seen.

The Kimwolf botnet's disruption of I2P highlights the ongoing challenges faced by decentralized networks in balancing privacy and security with the need to protect against malicious actors. As botnets like Kimwolf continue to evolve and exploit new vulnerabilities, the cybersecurity community must find ways to safeguard these networks while preserving their core values of anonymity and freedom.