Bitcoin Core developers have disclosed a privacy bug that can expose the very detail it was designed to hide, a user’s IP address. A fix will arrive in version 31.1.
The flaw sits in private broadcast, an optional feature added in version 31.0 this April. Developers published the warning on June 6.
How the Privacy Bug Backfires
Private broadcast sends transactions through Tor, an anonymity network famous for accessing the dark web, so recipients never learn where they originated.
However, the official advisory admits this promise can break.
The trouble begins when the software attempts an encrypted connection to another computer on the network. If that attempt fails, it quietly retries over a normal connection and skips Tor entirely. The recipient then sees the sender’s real IP address, and with it their approximate location.
Worse, attackers do not need luck. A hostile node can deliberately reject the encrypted handshake and force the revealing retry.
The risk is critical because Bitcoin’s ledger is public. Linking a transaction to an IP address can tie payments to a real person.
Who is Affected and What to Do
The bug only touches people who run version 31.0 and switched the feature on. Everyday wallet transactions remain unaffected. Developers credit researcher Eugene Siegel with the discovery.
Meanwhile, markets barely flinched. Bitcoin (BTC) trades near $63,700, little changed over the past day. Developers now face the quieter job of repairing trust in Bitcoin privacy efforts.
Until version 31.1 ships, affected users should disable the feature or route all their traffic through Tor. The episode follows a recent transaction relay dispute and revives questions about who maintains Bitcoin Core.