A sudden and dramatic increase in unique IP addresses being shared across Bitcoin’s peer-to-peer network has sparked concerns of a possible Sybil attack. Data from a live monitor maintained by Karlsruhe Institute of Technology showed daily unique ADDR entries rising from a long-term baseline of under 65,000 to roughly 250,000 starting around mid-April 2026.
Bitcoin developer and Casa co-founder Jameson Lopp flagged the anomaly on social media, noting that the surge in unsolicited ADDR messages—which normally help nodes discover peers—could indicate an attempt to flood the network with fake node addresses. “Possibly preparation for a sybil attack?” he wrote, questioning whether the flood was a precursor to a more targeted assault on Bitcoin’s peer discovery layer.
The ADDR messaging system is essential for decentralized connectivity, allowing new nodes to find honest peers for synchronization. However, it is not authenticated, meaning control messages can contain incorrect or harmful information. Security researchers warn that polluting the address directory could enable an Eclipse attack, isolating a legitimate node and feeding it a distorted view of the blockchain. While Bitcoin Core includes defenses like address-table bucketing and rate limits, no open network can eliminate every Sybil risk.
Alternative explanations exist. The spike may reflect genuine node growth, routine IP rotation, surveillance activity, or a public signaling experiment—Bitcoin’s permissionless nature means no one needs to explain why they run a node or change addresses. A previous claim about fake Bitcoin Knots nodes in September 2025 was later partly retracted after analysis showed many flagged nodes were ordinary customer devices. As one observer noted, attackers sometimes probe the maps and health monitors rather than the most fortified defenses.
The incident arrives amid broader infrastructure scrutiny in 2026, with debates over spam, data relay policy, quantum risks, and node signaling practices. While the address flood does not pose an immediate threat to consensus, it underscores vulnerabilities in the softer infrastructure layers that underpin Bitcoin’s network health. Developers and node operators are already re‑examining peer discovery protections, and the network’s decentralized governance means lessons will be absorbed through public debate and configuration adjustments.
