Bitcoin Core v31.0 bug can expose IP when Tor fails

Bitcoin Core developers disclosed a privacy bug in the -privatebroadcast feature of version 31.0 that can reveal a sender’s IP address when a Tor handshake fails. The Bitcoin Core Project posted an advisory on June 11 and said a patch will be released with v31.1.

Privatebroadcast, added in April, was intended to route transaction broadcasts over Tor so the node that first relays a transaction does not learn its origin. The flaw occurs when the client attempts an encrypted Tor connection and that handshake fails; the software currently retries the connection over clearnet without Tor, which exposes the sender’s real IP address and an approximate location to the receiving peer.

A receiving node can deliberately reject the encrypted handshake to force the client into the clearnet retry. That behavior can convert the optional privacy feature into an attack vector in which the originator’s network address becomes visible to the peer.

The bug affects users running v31.0 who have enabled the privatebroadcast option. Wallets using default settings without the feature are not affected. The report credits security researcher Eugene Siegel with discovering the issue. Until v31.1 is released, developers advise affected users to disable privatebroadcast or ensure all Bitcoin traffic is routed through Tor at the system level.

Because Bitcoin’s ledger is public, linking an IP address to a transaction can allow observers to correlate payments with a geographic region or with a device over time. The advisory emphasizes caution while a fix is prepared.

Market reaction to the disclosure was muted. Bitcoin traded near $63,700 on the day of the advisory with little change over 24 hours. The disclosure follows recent debates among Bitcoin developers about transaction relay policy and project governance. The team has not provided a precise release date for v31.1 beyond confirming the fix will appear in that version.