Bitcoin Core disclosed on June 6, 2026 that version 31.0 of its node software had a privacy bug. This bug could potentially expose the IP address of the computer sending the transaction to the receiving node. According to the official notification, this failure is due to a feature precisely designed to protect that information.
The project is recording that an error has occurred When a node attempts to establish an encrypted connection with a peer on the traditional Internet (IPv4 or IPv6) and that connection fails. In that case, the software is unencrypted and retries the connection without routing the traffic through Tor, exposing the sender’s real IP. The organization warns that malicious attackers could intentionally cause such failures and force unprotected retries.
Bitcoin Core is a team of developers that maintains reference software for operating nodes on the Bitcoin network. Its repository has the largest history of security audits in the ecosystem, and its vulnerability notifications are closely monitored by node operators, exchanges, and institutional administrators.
This bug contradicts the guarantee the project published in its 31.0 release notes, which stated that the sender’s IP address “will never be known to the recipient” when using this feature. private broadcast. According to the notification, Connections through networks such as Tor onion or I2P are not affected.This is because it remains protected even if connection retries occur.
Conditions affecting Bitcoin Core 31.0
The project specifies that the error is activated only if all of the following conditions occur on the same node:
- Runs on Bitcoin Core 31.0 private broadcast Now valid.
- Transactions sent using commands sendrow transaction.
- Tor can be used for outbound connections.
- Active direct connection to the traditional Internet without additional network restrictions.
- BIP324 encrypted transport protocol is enabled (default setting).
This project will clarify the functionality of a standard wallet. destination address ah Cendor— Do not use private broadcast Not affected.
Bug fixes and interim measures
Bitcoin Core indicates that this fix will ship in version 31.1. meanwhile, Organizations recommend that affected users apply one of three countermeasures:: disable the feature private broadcast=0; disable BIP324 encryption protocol v2 transport=0This means that all node connections operate without encryption. Alternatively, redirect all outgoing traditional internet traffic through Tor. This is a solution that increases the risk to Sybil attacks, according to the project.
The discovery of the error is credited to Eugene Siegel, as stated in Bitcoin Core’s official notice.
Until version 31.1 is available, the project: private broadcast You can assume that the IP address remains private to the node receiving the transaction.
This bug reveals a discrepancy between what was promised in version 31.0 and how the software actually behaves under adverse network conditions. Bitcoin Core recognizes this ruling. This may be due to an unexpected interaction between the BIP324 encryption protocols. The connection retry mechanism is currently being fixed. On the other hand, the privacy of trusted node operators is private broadcast It relies on interim measures that introduce new security restrictions, according to the project itself.
