Bitcoin Core 31.0 Private Broadcast Bug May Reveal User IP Addresses; Fix Coming in 31.1

Bitcoin Core developers have flagged a privacy flaw in Bitcoin Core 31.0 that could expose the very information the feature was meant to conceal: a user's IP address. The issue affects "private broadcast," an optional transaction relay feature introduced with version 31.0 in April. Developers published an advisory on June 6 and said a patch will be shipped in version 31.1. According to the project, private broadcast is designed to route transactions through Tor so the receiving peer cannot determine where a transaction originated. Under certain network conditions, that protection can fail. When the software attempts to establish an encrypted connection and the attempt is rejected or otherwise fails, it may retry over a standard connection without Tor. In that case, the receiving peer can see the sender's real IP address, revealing an approximate location. The advisory notes the scenario can be triggered deliberately. A malicious node can refuse the encrypted handshake and induce the fallback connection, increasing the chance of deanonymization. Because Bitcoin's ledger is public, linking an on-chain transaction to an IP address can help tie payments to a real-world identity. The bug impacts users running Bitcoin Core 31.0 who have explicitly enabled private broadcast; typical wallet transactions are not affected. Developers credited researcher Eugene Siegel with identifying the issue. Market reaction was muted. Bitcoin (BTC) traded around $63,700, little changed over the past day. Until version 31.1 is released, affected users are advised to disable private broadcast or ensure all traffic is routed through Tor. The incident follows a recent dispute over transaction relay and again raises questions about stewardship of the Bitcoin Core codebase.