I2P 2.11.0 Ships Post-Quantum Crypto After Botnet Siege
A botnet that broke DDoS records at 31.4 terabits per second accidentally crippled I2P's anonymity network while trying to use it as a backup command infrastructure, and the developers responded with post-quantum cryptography enabled by default.
On February 3rd, 2026, users on I2P's GitHub page started reporting mass connection failures. Tens of thousands of unknown routers were flooding the network, and legitimate nodes could barely communicate. One user reported their physical router freezing when connections exceeded 60,000. The Invisible Internet Project, a decentralized anonymity network that normally runs on 15,000 to 20,000 devices daily, was getting hammered by something orders of magnitude larger than itself.
The Kimwolf botnet caused it: a massive IoT infection that surfaced in late 2025 and quickly compromised millions of poorly secured devices like TV streaming boxes, digital picture frames, and consumer routers. The same day users started complaining, the people running Kimwolf posted on their Discord that they'd accidentally disrupted I2P after trying to join 700,000 infected bots as network nodes. I2P's Wikipedia page lists its historical network size at around 55,000 computers, and the actual daily active count sits between 15,000 and 20,000. They shoved 700,000 fake nodes into that.
Security researchers call this a Sybil attack: one entity creates enough fake identities to destabilize the whole network. I2P's own threat model documentation has always acknowledged that the network's modest size makes these attacks easier than they should be, and Kimwolf proved that in real time.
The botnet's operators weren't trying to destroy I2P on purpose, though. According to Benjamin Brundage of Synthient, they were experimenting with using I2P and Tor as backup command-and-control infrastructure to survive takedown attempts against their primary servers. This is the same Kimwolf/Aisuru operation that launched a record-setting 31.4 terabit-per-second DDoS attack on December 19, 2025 — a campaign Cloudflare named "The Night Before Christmas" after it pummeled telecom providers with 902 hyper-volumetric attacks over 17 days. When these operators casually tried to convert a privacy network into their fallback infrastructure, they brought that same scale of destruction with them.
Ok so here's where the I2P team earns respect. Six days after the Sybil attack started — while the network was still operating at roughly 50% capacity — they released version 2.11.0 on February 9th loaded with significantly more than spam mitigations.
Post-quantum cryptography is now enabled by default at the ratchet layer. The implementation uses a hybrid ML-KEM+X25519 scheme following the NIST FIPS 203 standard — the development pipeline started with the 2.9.0 release in June 2025, went to opt-in beta in 2.10.0 in September 2025, and landed as the default in 2.11.0.
From what I found, this makes I2P one of the first production anonymity networks to ship post-quantum encryption to all users by default. They went with ML-KEM-768 because it meets the minimum NIST security category 2 required for hybrid protocols while ML-KEM-512 falls below that threshold. The tradeoff worth understanding: hybrid key exchange increases New Session Message size significantly, and those larger messages need to be fragmented into multiple 1024-byte tunnel chunks, which could reduce delivery reliability. The developers compensated by deferring the streaming payload until the first Existing Session Message instead of using 0-RTT delivery, sacrificing one round trip of latency for stronger forward secrecy.
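A rough model of that size tradeoff, added here as an illustration and not taken from I2P's code. The ML-KEM encapsulation key sizes are from FIPS 203 and the 1024-byte chunk is the figure above; the framing overhead, payload size, loss rate, and the assumption that the first message carries the encapsulation key are constructed for the example.

```go
package main

import (
	"fmt"
	"math"
)

const (
	tunnelChunk = 1024 // bytes per tunnel chunk (figure from the article)
	x25519Pub   = 32   // X25519 public key size in bytes
	overhead    = 96   // ASSUMPTION: constructed framing/AEAD overhead, not I2P's real layout
)

// ML-KEM encapsulation key sizes in bytes, from FIPS 203 ("none" = X25519 only).
var encapKey = map[string]int{"none": 0, "ML-KEM-512": 800, "ML-KEM-768": 1184, "ML-KEM-1024": 1568}

// Fragments returns how many tunnel chunks a message of size bytes needs.
func Fragments(size int) int { return (size + tunnelChunk - 1) / tunnelChunk }

// NewSessionSize models the first message: X25519 key, optional KEM key, payload.
func NewSessionSize(kem string, payload int) int {
	return overhead + x25519Pub + encapKey[kem] + payload
}

// DeliveryProb is the chance that every fragment arrives when each one is lost
// independently with probability loss (a simplifying assumption).
func DeliveryProb(frags int, loss float64) float64 {
	return math.Pow(1-loss, float64(frags))
}

func main() {
	const payload, loss = 1500, 0.05 // constructed sample values
	for _, kem := range []string{"none", "ML-KEM-512", "ML-KEM-768", "ML-KEM-1024"} {
		with := Fragments(NewSessionSize(kem, payload))
		deferred := Fragments(NewSessionSize(kem, 0))
		fmt.Printf("%-12s payload in first msg: %d chunks (%.1f%%)  deferred: %d chunks (%.1f%%)\n",
			kem, with, 100*DeliveryProb(with, loss), deferred, 100*DeliveryProb(deferred, loss))
	}
}
```

Under these constructed numbers, deferring the payload takes the ML-KEM-768 first message from three chunks to two, which is the reliability gain bought with the extra round trip.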
The first round of mitigations against the ongoing spam and Sybil attacks shipped in this release, with additional defenses still in development. The commit history shows the specific hardening: increased SSU2 IP table sizes, tweaked NetDB router info drop probabilities, general router robustness fixes, and increased per-hop TunnelDataMessage expiration.
I2P now requires Java 17 or later and runs on Jetty 12, which the team telegraphed two releases in advance — the 2.9.0 release notes explicitly warned that "in two releases, at 2.11.0, I2P will require Java 17." Jetty 12 also moves the codebase from the legacy javax.servlet namespace to jakarta.servlet, a one-time migration pain for plugin developers that brings the project current with the modern Java ecosystem. Smaller changes: wrapper max memory bumped to 512 MB for new installs, and the console gained an option to disable notification bubbles.
Proposal 163 also landed, bringing Datagram2 and Datagram3 support to the SAMv3 API. Datagram2 adds replay resistance and offline signature support by including the target hash in the signature function, which prevents replay attacks across destinations. Datagram3 strips signatures entirely for applications that handle authentication at a higher layer. The practical payoff is that i2psnark can now do bittorrent UDP announces over these new formats, building on the UDP tracker support added in 2.10.0 to reduce the network's torrent tracker overhead.
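Why putting the target hash under the signature stops cross-destination replay, as an added example (not i2psnark or SAMv3 code). It is a simplified model, with Ed25519 and SHA-256 standing in for the real signature and hash inputs and with constructed destination names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// signedBytes builds the signature input (a simplified model, NOT the real
// Datagram2 wire format). With bind=true the SHA-256 hash of the target
// destination is prepended, so the signature fits that one target only.
func signedBytes(target string, payload []byte, bind bool) []byte {
	if !bind {
		return payload
	}
	h := sha256.Sum256([]byte(target)) // stand-in for a destination hash
	return append(h[:], payload...)
}

// Seal signs payload for the named target destination.
func Seal(priv ed25519.PrivateKey, target string, payload []byte, bind bool) []byte {
	return ed25519.Sign(priv, signedBytes(target, payload, bind))
}

// Accept is the receiver's check. self is the receiver's own destination,
// supplied locally and never read from the datagram.
func Accept(pub ed25519.PublicKey, self string, payload, sig []byte, bind bool) bool {
	return ed25519.Verify(pub, signedBytes(self, payload, bind), sig)
}

// ReplayOutcome signs one datagram for alice.example (constructed name) and
// reports whether alice accepts it and whether bob accepts a replayed copy.
func ReplayOutcome(bind bool) (intended, replayed bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	msg := []byte("udp announce") // constructed sample payload
	sig := Seal(priv, "alice.example", msg, bind)
	return Accept(pub, "alice.example", msg, sig, bind), Accept(pub, "bob.example", msg, sig, bind)
}

func main() {
	for _, bind := range []bool{false, true} {
		ok, replay := ReplayOutcome(bind)
		fmt.Printf("target bound=%v: intended accepts=%v, replay accepted=%v\n", bind, ok, replay)
	}
}
```

The receiver must derive the hash from its own identity; taking it from a field in the datagram would let a forwarded copy carry its original target along and verify anywhere.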
Kimwolf, meanwhile, is collapsing from the inside. According to Brundage, the operators alienated some of their more competent developers, and the resulting incompetence caused the botnet to shed more than 600,000 infected systems. Security researchers null-routed over 550 Kimwolf and Aisuru command-and-control servers in January 2026, and Brundage's assessment was direct: "the botnet's numbers are dropping significantly now, and they don't seem to know what they're doing."
Lance James — founder of Unit 221B and the creator of I2P's predecessor IIP back in 2001 — confirmed the network should stabilize as 2.11.0 rolls out across the user base. The release is available now for PPA, Debian repos, and new installs, with Android to follow. If you're running an I2P router, update. The mitigations only protect you if you're on the current version, and the network just absorbed a 700,000-node Sybil attack from one of the largest botnets ever documented.
I2P has been running since 2003, growing from 25,795 nodes in January 2019 to 72,653 in April 2025 before Kimwolf temporarily cratered it. A volunteer dev team maintained a 13-week release cycle through all of it. Their response to the largest Sybil attack in the project's 23-year history was to ship quantum-resistant encryption enabled by default, six days later, while the network was still half-broken.