Here's what's been happening, based on the latest reporting (primarily from KrebsOnSecurity):
The short version: The Kimwolf botnet accidentally disrupted I2P while trying to use it as cover, and things have been slowly stabilizing since.
Background: The Kimwolf botnet (also tied to AISURU) emerged in late 2025, infecting over 2 million IoT devices — mainly cheap Android TV boxes, routers, and similar hardware. Its botmasters began relying on I2P to evade takedown attempts against the botnet's control servers, which is what triggered the disruption (Krebs on Security).
What happened to I2P: The Kimwolf botmasters openly admitted on their Discord channel that they had accidentally disrupted I2P after attempting to join 700,000 Kimwolf-infected bots as nodes on the network — a classic Sybil attack (Krebs on Security).
Current status (as of mid-February): The I2P network is still operating at about half its normal capacity, and a new release is rolling out which should bring some stability improvements. Meanwhile, the botnet's numbers have dropped by more than 600,000 infected systems, apparently because the Kimwolf operators alienated some of their more competent developers, leading to rookie mistakes (Krebs on Security).
Bigger picture: Kimwolf was also attributed to a record-setting 31.4 Tbps DDoS attack that peaked in early February 2026 and lasted only 35 seconds (Western Illinois University). And separately, the Kimwolf operators apparently compromised the control panel for the Badbox 2.0 botnet (a separate China-linked operation of 10+ million devices), which is now drawing FBI and Google scrutiny toward potential Badbox 2.0 operators (Krebs on Security).
So the I2P situation seems to be slowly recovering, but the underlying Kimwolf threat is still very much active and evolving.