You may remember from two weeks ago that I2P was seeing a massive number of new routers join the network (#1426281, #1427742). The scale was so massive that it effectively broke I2P routing. Well, it turns out that this was caused by the Kimwolf botnet.

Kimwolf is a botnet that surfaced in late 2025 and quickly infected millions of systems, turning poorly secured IoT devices like TV streaming boxes, digital picture frames and routers into relays for malicious traffic and abnormally large distributed denial-of-service (DDoS) attacks.

Apparently, the Kimwolf operators were trying to use I2P as a way to coordinate their botnet, and didn't think about what the sudden massive influx of their nodes would do:

The same day that I2P users began noticing the outages, the individuals in control of Kimwolf posted to their Discord channel that they had accidentally disrupted I2P after attempting to join 700,000 Kimwolf-infected bots as nodes on the network.

Brundage said the people in control of Kimwolf have been experimenting with using I2P and a similar anonymity network — Tor — as a backup command and control network, although there have been no reports of widespread disruptions in the Tor network recently.

“I don’t think their goal is to take I2P down,” he said. “It’s more they’re looking for an alternative to keep the botnet stable in the face of takedown attempts.”
105 sats \ 3 replies \ @adlai 38m

amusingly Krebs describes this as a Sybil attack

is it really?

there might be shared C&C for the infected devices, although that's not the problem; the problem seems to be that all these "routers" [in i2p terminology] were not "routing" [i.e. relaying traffic].

I'd agree this could be a Sybil attack if the botnet were doing legit routing, while also logging enough data to deanonymize at will, however that does not seem to be the case.

reply

Yes, I saw that and paused on it for a moment. I was unclear about whether the botnet devices were doing any routing. It seems like a lot of normal i2p routers were knocked out by the sheer number of connections that were made with them.

Maybe he just wanted to use the term Sybil.

reply
3 sats \ 0 replies \ @adlai 26m
> Maybe he just wanted to use the term Sybil.

yeah, nobody talks about "eclipse" attacks much, and yet I think that general terminology is closer in this case.

I must admit however that I've gotten a little sick of how each new protocol and attack gets some fanciful name. It's cute for the first few decades, although after a while the stale names pile up and chaff search results, forcing people to use "smarter" searches like Google Scholar, or even just petitioning some domain authority and not actually bothering with a real search.

reply

What is Stacker News?
It is a social media platform intentionally created to enable a P2P V4V BTC denominated community.

Originally Stacker News (SN) custodied sats on behalf of participants but the threat of government regulatory prosecution on the pretext of money transmitter forced a move away from the custody of sats by the platform to the platform enabling participants to send sats via their wallets.

To achieve this participants need to attach wallets to both send and receive sats.
Where participants do not or cannot attach LN wallets transactions will often default to Cowboy Credits.

This change was a compromise forced by the threat of government prosecution.
The difficulty of attaching both sending and receiving wallets is moderate- it takes some effort and newbie or non tech people may struggle with it, but most competent Bitcoiners can succeed in attaching wallets and thus enabling sats denominated P2P transactions.

But a number of Stackers have chosen not to attach wallets- in particular sending wallets which enable you to send sats into the SN community.

Very few have attached just a sending wallet- many have attached just a receiving wallet.
Those who only attach a receiving wallet can receive sats from others but cannot send sats into the community. They may feel that as content providers they have no need or obligation to send sats into and within the SN community. I disagree.

Where these receive but not send (horse but no gun) Stackers proclaim to be Bitcoiners but refuse to enable a sending wallet they are demonstrably hypocrites. They claim they want to build and grow the BTC LN MoE network but they cannot be bothered contributing toward that growth by attaching a sending wallet and demonstrating they are not just talking, but are also walking and supporting a sats denominated platform.

If we do not use the LN wherever and whenever we can it will not grow and develop.

Some claim it is too hard to attach wallets- it's too hard on their self custody nodes or wallets- this just highlights how much work the LN still needs before it is capable of anything approaching 100% reliable MoE capability.

But the best way to grow and strengthen the LN is to use it – despite its remaining flaws and glitches.
When wallets are supported by people using them they receive transaction fees and can develop liquidity and systems further.
When LN wallets are not used the LN decays- it does not have the usage and fees income to grow.

So when self proclaimed advocates for BTC and LN refuse to attach wallets (especially sending wallets) I see hypocrite.

I will continue to see hypocrite until and unless someone can explain why I should not.

Calling me a Nazi, trolling and making fun of me crudely seeking to avoid the issues I raise will not stop me from asking why are you claiming to be a Bitcoiner but refusing to attach wallets and use the LN here where we can help it grow.
Now some are deliberately concealing their wallet status, as if this is about a right to privacy.

Concealing your wallet status means nobody else can verify whether or not you are serious about using BTC LN, or whether you are just an all talk no walk hypocrite.

Do not trust- verify.

What about this fundamental principle do they not understand?

And then they talk about 'content' being more important than whether or not you have attached wallets - in this context the intentional lack of attached wallets undermines your credibility as your actions do not match your words.
Your submitted content may be great, but you as someone claiming to be a serious Bitcoiner are undermining your credibility and the credibility of your content by being a hypocrite.

Your content is tainted by your verifiable hypocrisy.

SN needs both good content providers and those who pay for that content if it is to succeed.
I am more in the latter group than the former but both are required overall or the model does not work.

So as a net contributor of sats and thus a net consumer of content I object where content providers refuse to engage in the P2P V4V ethos by refusing to attach both sending and receiving wallets and I will both withhold my contribution of sats and sometimes downvote in response.

V4V needs to work reciprocally or it will not work at all.

The content providers need net sats contributors/content consumers who send sats into the platform, or the entire platform fails.

reply