u/CriticalCobraz

A significant infrastructure anomaly has been detected in Bitcoin's P2P network starting April 9, 2026, where unsolicited network messages (ADDR) containing fake and unreachable node addresses surged from 50,000 to over 250,000 per day. Known developer Jameson Lopp suggests this flooding is a stealth preparation for a Sybil attack, aiming to corrupt Bitcoin's "phone book" so new nodes connect only to attacker-controlled "ghost nodes."

While this tactic could theoretically enable an Eclipse attack by isolating legitimate nodes in an informational vacuum, current defenses mitigate the immediate risk:

• Nodes only need one honest connection to receive accurate blockchain data.
• Bitcoin clients automatically distribute connections across different subnets, preventing a single IP pool from monopolizing slots.

At present, the anomaly primarily creates parasitic bandwidth load rather than posing a direct threat to the network's consensus security.