Saved February 14, 2026
Do you care about this?
The Kimwolf botnet has overwhelmed the I2P network by attempting to join with infected devices, causing significant disruptions. Despite I2P's design for secure communication, the influx of fake nodes led to a Sybil attack, impacting user connectivity. Recent turmoil within the botnet's operation has reduced its infected systems by over 600,000.
If you do, here's more
The Kimwolf botnet has been causing significant disruptions to The Invisible Internet Project (I2P), a decentralized network that ensures anonymous communications. Over the past week, I2P users reported thousands of new routers joining the network, overwhelming it and preventing normal operations. This surge coincided with Kimwolf's botmasters trying to utilize I2P to evade detection and takedown efforts. Kimwolf emerged in late 2025, infecting millions of poorly secured IoT devices, such as routers and streaming boxes, and turning them into tools for launching large-scale distributed denial-of-service (DDoS) attacks.
On February 3, users on I2P's GitHub noted that their routers were freezing under the weight of excessive connections, with one user reporting issues when the number of connections surpassed 60,000. This influx came after Kimwolf's operators attempted to integrate 700,000 infected devices into the I2P network. Such an action is classified as a “Sybil attack,” where a single entity disrupts a peer-to-peer network by controlling numerous fake identities. While I2P typically operates with around 55,000 nodes, Lance James, a cybersecurity expert, indicated that the network's active devices number between 15,000 and 20,000 daily.
Benjamin Brundage, who tracks proxy services, noted that Kimwolf's operators are experimenting with I2P and the Tor network as backup command and control systems. Despite the chaos, Brundage observed a decline in the botnet's active devices, with numbers dropping by over 600,000 due to recent missteps by its developers. James mentioned that I2P is currently functioning at about half its normal capacity but is set to roll out updates aimed at stabilizing the network.