The I2P anonymity network collapsed on February 3, 2026, when 700,000 hostile nodes overwhelmed its infrastructure in what security researchers call one of the most severe Sybil attacks ever recorded against an anonymity network. The network typically operates with just 15,000 to 20,000 active devices, making the attack scale 39 to 1 against normal operations.

For three consecutive years, I2P has faced February Sybil attacks, with the 2023 and 2024 incidents using malicious floodfill routers that remain unattributed to any state-sponsored operation. The 2026 attack initially appeared to follow the same pattern until investigators traced it to the Kimwolf botnet, an IoT malware operation that infected millions of streaming boxes and consumer routers throughout late 2025. Kimwolf operators admitted on Discord they accidentally disrupted I2P while attempting to use it as backup command-and-control infrastructure after security researchers destroyed over 550 of their primary C2 servers.

The I2P development team responded with remarkable speed, shipping version 2.11.0 just six days after the attack began. The release includes hybrid ML-KEM plus X25519 post-quantum encryption enabled by default, making I2P one of the first production anonymity networks to implement post-quantum cryptography for all users. Additional Sybil mitigations, SAMv3 API upgrades, and infrastructure improvements were included in the emergency patch.