How a Rogue Botnet Brought the I2P Anonymous Network to Its Knees — And What It Means for Internet Privacy

For most internet users, the Invisible Internet Project — better known as I2P — is an obscure piece of infrastructure they have never heard of. But for privacy advocates, journalists operating under hostile regimes, and security researchers, I2P has long served as a vital alternative to Tor for anonymous communication. In late 2024 and into early 2025, that network was nearly destroyed — not by a government crackdown or a sophisticated intelligence operation, but by a botnet whose operators likely had no idea what they were doing.
The incident, documented in painstaking detail by security researcher Sam Bent in a comprehensive post on his website, reveals how fragile decentralized anonymity networks can be when confronted with even unintentional abuse at scale. The story is a cautionary tale about the architectural vulnerabilities lurking inside systems that millions of people depend on for digital safety.
A Network Built on Trust and Volunteer Nodes
I2P operates on a fundamentally different model than the conventional internet. Rather than routing traffic through centralized servers, I2P creates an overlay network where each participant acts as a relay node. Messages are encrypted in layers — similar to Tor’s “onion routing” — and passed through a series of these volunteer-operated nodes before reaching their destination. The result is a system where neither the sender nor the receiver can easily be identified by outside observers.
The network’s strength lies in its distributed nature: the more nodes participating, the more paths traffic can take, and the harder surveillance becomes. But this architecture also creates a critical dependency. I2P relies on a system called a “NetDB” — a distributed database that catalogs all the routers (nodes) available on the network. When a new user joins I2P, their client needs to discover other routers through this database to build tunnels for communication. The process of populating and maintaining the NetDB is handled through a protocol called “floodfill,” where certain high-capacity nodes take responsibility for storing and distributing router information across the network.
The Botnet That Nobody Meant to Unleash
According to Bent’s research, the trouble began when a botnet — a network of compromised computers controlled remotely by malicious actors — started running I2P nodes at enormous scale. The botnet operators were apparently using I2P as a command-and-control (C2) channel, a technique that has gained popularity among cybercriminals because anonymity networks make it extremely difficult for law enforcement to trace communications back to the botnet’s controllers.
The problem was not simply that the botnet was using I2P. It was the sheer volume of nodes it introduced. Bent’s analysis indicates that the botnet flooded the network with tens of thousands of nodes — potentially comprising a majority of the network’s total router count at certain points. These were not well-maintained, high-bandwidth nodes contributing meaningfully to the network’s capacity. They were low-quality, unreliable machines that would frequently go offline, change addresses, or fail to properly route traffic. Yet because of how the NetDB and floodfill systems work, legitimate I2P users’ clients would attempt to build tunnels through these unreliable botnet nodes, resulting in catastrophic failure rates for connections across the network.
Cascading Failures and a Network in Crisis
The effects were devastating. As Bent documented, users began reporting that I2P services — known as “eepsites” — were becoming unreachable. Tunnel build success rates plummeted. The network, which had operated with reasonable reliability for years, became functionally unusable for many participants. Internal metrics showed that the percentage of successful tunnel builds dropped to levels that made sustained communication nearly impossible.
What made the situation particularly insidious was that it did not look like a traditional attack. There was no single point of failure, no dramatic takedown. Instead, the network slowly degraded as the ratio of reliable nodes to unreliable botnet nodes shifted. Bent compared it to a kind of accidental Sybil attack — a well-known vulnerability in peer-to-peer networks where a single entity creates many fake identities to gain disproportionate influence. The botnet operators almost certainly were not trying to disrupt I2P; they simply wanted a covert communication channel. But the side effect of their operation was to poison the network’s routing infrastructure from within.
The I2P Development Team’s Response
The I2P development team found itself in an extraordinarily difficult position. The network’s design philosophy emphasizes decentralization and resistance to censorship — principles that make it inherently difficult to exclude bad actors. Unlike a centralized service, there is no administrator who can simply ban problematic nodes. Any mechanism to filter out botnet routers risks creating the very kind of centralized control that I2P was designed to avoid.
Despite these constraints, the developers implemented several countermeasures. According to Bent’s account, these included adjustments to how routers are selected for tunnel building, with greater weight given to nodes that demonstrate consistent uptime and bandwidth capacity. The team also worked on improving the floodfill selection process to reduce the influence of low-quality nodes on the NetDB. These changes were rolled out in updated versions of the I2P software, and the network gradually began to recover — though the process took months and the experience exposed fundamental questions about I2P’s long-term resilience.
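As an added illustration (not code from the I2P project or from Bent's write-up), the toy model below compares tunnel-build success when peers are drawn from the NetDB uniformly against a selection weighted by each client's locally observed reliability, and shows the side cost such weighting imposes on an unproven but legitimate newcomer. All router counts, reliabilities and the weighting exponent are constructed assumptions.

```python
"""Toy model of I2P tunnel-build success when the NetDB is flooded with unreliable routers.
Constructed illustration: counts and reliabilities are invented, not Bent's or I2P's metrics."""
from dataclasses import dataclass

@dataclass(frozen=True)
class RouterClass:
    name: str
    count: int          # routers of this class listed in the NetDB
    reliability: float  # true probability that a hop through one of them succeeds
    observed: float     # reliability as measured by a client's local peer profile

def uniform(c: RouterClass) -> float:
    """Naive selection: every NetDB entry is equally likely to be picked."""
    return 1.0

def profiled(c: RouterClass, power: int = 4) -> float:
    """Reputation-weighted selection: favour routers with a good observed record.
    The exponent sharpens the preference; it is a heuristic chosen for this example."""
    return c.observed ** power

def selection_share(classes, weight_fn, name: str) -> float:
    """Fraction of peer selections that land on routers of the named class."""
    total = sum(c.count * weight_fn(c) for c in classes)
    return sum(c.count * weight_fn(c) for c in classes if c.name == name) / total

def tunnel_success(classes, hops: int, weight_fn) -> float:
    """P(tunnel builds): hops are drawn independently with the given weights and
    every hop must succeed, so per-hop success is raised to the power `hops`."""
    total = sum(c.count * weight_fn(c) for c in classes)
    hop = sum(c.count * weight_fn(c) * c.reliability for c in classes) / total
    return hop ** hops

VOLUNTEERS = RouterClass("volunteer", 10_000, reliability=0.95, observed=0.95)
BOTNET = RouterClass("botnet", 40_000, reliability=0.30, observed=0.30)
# A legitimate newcomer: just as reliable, but its local profile is still a neutral prior.
NEWCOMER = RouterClass("newcomer", 1, reliability=0.95, observed=0.50)
PRE_INCIDENT = [VOLUNTEERS]
FLOODED = [VOLUNTEERS, BOTNET]

if __name__ == "__main__":
    for label, netdb, fn in [("before flood, uniform", PRE_INCIDENT, uniform),
                             ("flooded, uniform", FLOODED, uniform),
                             ("flooded, profiled", FLOODED, profiled)]:
        print(f"{label:22s} 3-hop build success = {tunnel_success(netdb, 3, fn):.3f}")
    print(f"botnet share of selections (profiled): {selection_share(FLOODED, profiled, 'botnet'):.3f}")
    print(f"newcomer weight relative to established: {profiled(NEWCOMER) / profiled(VOLUNTEERS):.3f}")
```

With these constructed figures, a three-hop build succeeds about 86% of the time before the flood, under 8% of the time with uniform selection over the flooded NetDB, and about 79% of the time once selection is profiled, while the newcomer is picked roughly thirteen times less often than an established volunteer of identical true reliability.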
Broader Implications for Anonymity Networks
The incident raises uncomfortable questions for the broader privacy and anonymity community. If a botnet can accidentally cripple a major anonymity network, what could a well-resourced state actor accomplish with deliberate intent? The Sybil attack vector has been theorized about for years in academic literature, but the I2P botnet incident provided a real-world demonstration of how the attack plays out in practice — even when no one is actually trying to execute it.
Tor, the more widely known anonymity network, has its own set of vulnerabilities but benefits from a more centralized directory authority system that provides some protection against this specific type of degradation. Tor’s directory authorities — a small, trusted group of servers — maintain a consensus about which relays are part of the network, making it harder for a flood of low-quality nodes to dominate routing decisions. I2P’s fully decentralized approach, while philosophically appealing, proved to be a structural weakness when confronted with this kind of unintentional abuse.
The Tension Between Decentralization and Resilience
Security researchers who have studied the incident note that it highlights a fundamental tension in the design of anonymous communication systems. Full decentralization offers maximum resistance to censorship and single points of failure, but it also means there is no authority capable of rapidly responding to network-wide threats. Some degree of centralization — even if limited to reputation systems or trusted node lists — may be necessary to maintain network health.
Bent’s analysis suggests that the I2P team’s response, while effective in the medium term, amounts to introducing soft centralization through heuristics that favor established, high-performing nodes. This is a pragmatic solution, but it also means that new, legitimate nodes may face higher barriers to participation, potentially reducing the network’s diversity over time. The tradeoff between openness and quality control is one that every decentralized system must eventually confront.
What Comes Next for I2P and Its Users
As of mid-2025, I2P has largely recovered from the botnet incident, but the experience has left lasting marks on the project. Development discussions now include more explicit consideration of adversarial conditions at scale, and there is ongoing work to make the network more resistant to both intentional and accidental flooding. The incident has also prompted renewed interest in hybrid approaches that combine decentralized routing with lightweight reputation or trust mechanisms.
For the thousands of users who depend on I2P for secure communication — including activists, whistleblowers, and ordinary citizens in countries with aggressive internet surveillance — the episode was a stark reminder that privacy tools are only as strong as their weakest architectural assumptions. The botnet operators who nearly destroyed I2P probably never gave the network a second thought. They were simply looking for a place to hide their command-and-control traffic. The collateral damage they inflicted, however, forced an entire community to reckon with vulnerabilities that had been theoretical for over a decade.
The full technical account of the incident, including network metrics and timeline data, is available on Sam Bent’s website. For anyone involved in building, operating, or depending on decentralized privacy infrastructure, it is essential reading.