February 21, 2026
Oops, all botnets
A Botnet Accidentally Destroyed I2P
700,000 hijacked gadgets crash a privacy network—and the comments are chaos
TLDR: An IoT botnet flooded I2P with 700,000 devices and knocked it over, then devs rushed out a fix with new, stronger encryption. Commenters debated whether this was a state op gone wrong or criminal chaos, and fumed that botnet operators can brag on Discord at all.
The internet’s cloak-and-dagger crowd just watched a privacy network get face-planted by… a backup plan. I2P, a tool people use to browse more privately, was swarmed by about 700,000 infected gadgets—smart boxes and home routers—thanks to the “Kimwolf” botnet. At first, commenters were sure it was the usual spy-agency February takedown. Then the plot twist: the botnet runners admitted on Discord they accidentally wrecked I2P while trying to hide their own operations after their main servers got nuked. Cue collective gasp, eye-rolls, and “wait, they just admit that on Discord?” disbelief.
The thread is a whirlpool of confusion and spicy skepticism. Newcomers confessed, “I feel out of depth,” while practical types explained the numbers mismatch—15–20k normal devices versus 700k crashers—and summed it up with “This, predictably, broke I2P.” Others demanded better reporting, dropping links and calling out shallow coverage. One big theme: outrage and incredulity that a botnet crew can openly chat on a mainstream platform. Meanwhile, I2P’s devs shipped a fix in six days, flipping on post‑quantum encryption (tech built to survive future quantum computers) by default and adding new defenses. Some cheered the speed; others wondered if it’s a shiny lock on a door the stampede already knocked off its hinges. Bonus nerd tangent: “How would cjdns handle this?”
Key Points
- On Feb 3, 2026, I2P was hit by a Sybil attack adding ~700,000 hostile nodes to a network that normally has 15,000–20,000 devices.
- The 2026 incident followed February attacks in 2023 and 2024, which involved malicious floodfill routers and remain unattributed.
- The attacker was identified as the Kimwolf IoT botnet, which had infected millions of devices and executed a 31.4 Tbps DDoS in Dec 2025.
- Kimwolf operators said on Discord they unintentionally disrupted I2P while using it as backup C2 after 550+ primary C2 servers were taken down.
- I2P released version 2.11.0 six days later, enabling default hybrid ML-KEM + X25519 post-quantum encryption, adding Sybil mitigations, SAMv3 upgrades, and infrastructure improvements.