The article says the Kimwolf botnet accidentally disrupted the privacy-focused I2P network while trying to use it as a backup command-and-control channel. According to Krebs, I2P users began reporting major connectivity problems around February 3, 2026, when a sudden flood of new “routers” joined the network and overwhelmed normal traffic. The piece says Kimwolf’s operators later admitted in their Discord channel that they had tried to connect around 700,000 infected bots to I2P, which was far larger than the network could handle. Instead of a normal DDoS, the article describes this as more like a Sybil attack: one actor flooding a peer-to-peer system with huge numbers of fake or controlled identities until normal users can no longer communicate reliably.

The article’s main point is that the attackers were not necessarily trying to destroy I2P itself—they were looking for a harder-to-shut-down way to keep Kimwolf alive while defenders targeted its regular control servers. Researchers quoted in the piece say the botnet’s operators have also been experimenting with Tor for similar reasons, trying to build a more resilient fallback network. Krebs also notes that the mistake appears to have backfired: the disruption drew attention, and one researcher said the botnet’s size had recently dropped by more than 600,000 infected systems, suggesting the operators hurt both I2P and their own botnet by testing unstable changes in the open.

‍

Source: https://krebsonsecurity.com/2026/02/kimwolf-botnet-swamps-anonymity-network-i2p/