Originally reported by Sam Bent
TL;DR
A botnet accidentally deployed 700,000 hostile nodes against I2P's ~15-20k node network on Feb 3, creating one of the most severe Sybil attacks ever seen against an anonymity network.
While devastating to I2P users, this represents disruption of a niche anonymity network rather than mainstream infrastructure. The accidental nature and lack of broader impact limit severity.
The I2P (Invisible Internet Project) anonymity network faced an unprecedented crisis when hostile actors deployed approximately 700,000 malicious nodes in a single coordinated attack. According to Sam Bent's analysis, this massive influx represented a 35-fold increase over the network's typical operating capacity of 15,000 to 20,000 active devices.
The scale of the attack classifies it as one of the most devastating Sybil attacks ever recorded against an anonymity network. In a Sybil attack, adversaries create multiple fake identities to gain disproportionate influence over a distributed network's operations.
Bent's investigation reveals the attack was unintentional: a botnet operator apparently misconfigured their infrastructure, inadvertently directing the full force of their compromised machines against I2P's relatively small network. The "accidental" nature of the incident highlights the fragility of privacy-focused networks when confronted with large-scale automated attacks.
The timing and coordination suggest the botnet was likely repurposed from other activities, with I2P becoming collateral damage rather than a deliberate target. This incident exposes critical scalability limitations in anonymity networks that rely on distributed peer participation.
The attack effectively rendered I2P unusable for legitimate users during the incident period. Recovery efforts would require the network to identify and purge hostile nodes while rebuilding trust mechanisms, a process that could take weeks or months to complete fully.
This incident demonstrates how anonymity networks remain vulnerable to resource exhaustion attacks, even when the attacks are accidental. The relatively small size of privacy-focused networks makes them particularly susceptible to disruption by botnets designed for much larger targets.