Bitcoin Core Developers Uncover Privacy Flaw That Could Expose User IP Addresses

TL;DR:

• Privacy flaw identified: The vulnerability is located in the optional private broadcast feature, which was originally implemented in version 31.0 of the software.
• Data leak mechanism: The technical error causes the system, upon a failure in the encrypted connection protocol, to bypass the Tor network and automatically reconnect, exposing the public IP address.
• Financial market stability: The price of the underlying asset reflected a valuation of $63,700 following the dissemination of the official advisory, showing minimal variations in its daily trading volume.

Bitcoin Core developers detected a security flaw that compromises the anonymity of node operators’ network addresses. The announcement of the bug was made this past June 6, warning that the technical anomaly affects configurations that seek to mask the geographical origin of transactions.

We have become aware of a privacy bug in the -privatebroadcast feature, newly introduced in Bitcoin Core 31.0, that may cause the originator’s IP address to be revealed to the receiving peer under certain network conditions. A fix is forthcoming and will be released with 31.1.

— Bitcoin Core Project (@bitcoincoreorg) June 11, 2026

The technical origin of the flaw in the Tor network

The vulnerability is exclusively confined to the feature known as private broadcast. This privacy feature was originally introduced during the month of April 2026 in the release of Bitcoin Core version 31.0.

This tool is responsible for routing data through the Tor anonymity network so that receiving entities cannot determine the message’s origin.

Information from Bitcoin Core reveals that the protocol fails when the application attempts to establish an encrypted link (BIP324 v2) with another computer on the network. If this communication attempt is not completed correctly, the system executes an automatic retry using the traditional v1 protocol. This alternative action completely discards the Tor proxy, allowing the receiving node to log the sender’s real IP address and their approximate geographical location.

The developer team indicates that the flaw can be intentionally exploited by malicious actors within the validation ecosystem. A hostile node has the capability to deliberately reject the initial encrypted handshake to force the reconnection in plain text.

This scenario increases identity-linking risks because the network’s transaction ledger is completely public. By associating a financial transfer with a specific IP, an attacker could deduce the identity of the funds’ owner.

Impact on users and preventive measures

The bug does not compromise the entirety of the payment network’s computer ecosystem. Daily operations executed through conventional wallets remain completely secure, as they do not employ the affected feature. Researcher Eugene Siegel was formally credited by the development team after responsibly discovering and reporting this anomalous behavior in the software client.

While the deployment of version 31.1 is being prepared, developers advise affected node administrators to temporarily disable the -privatebroadcast parameter or, alternatively, to force the routing of all outbound data traffic exclusively through the Tor network configuration.

On the financial front, quotes in the digital asset markets did not show abrupt variations due to the security incident. Bitcoin traded in a range close to $63,700 over the last 24 hours. Technical sector analysts consider that the real impact is limited to the reputation of privacy implementations, in a period marked by constant debates over governance and data relay mechanisms in the core software.

The official launch of the update containing the security patch stands as the next verifiable milestone for the development community.