June Blockchain Technology Update: Bitcoin Core Privacy Vulnerability Fixed, Glamsterdam Postponed, Solana SIMD OutlookWritten by: GaryMa, Wu BlockchainThe WuBlockchain summarizes key developments in the blockchain technology space for June:BitcoinBitcoin Core published a post disclosing a privacy vulnerability in the newly introduced -privatebroadcast feature of version 31.0. Under specific network conditions, this flaw could potentially expose the transaction initiator’s IP address to the receiving node; a fix will be released with version 31.1. The vulnerability occurs when the private broadcast selects an IPv4 or IPv6 node that supports BIP324 v2 transport. If the v2 handshake fails, Bitcoin Core falls back to retry via v1, but this reconnection bypasses the Tor proxy and connects directly to the peer via IPv4 or IPv6. The affected scope includes Bitcoin Core 31.0 nodes that have -privatebroadcast enabled, broadcast transactions via the sendrawtransaction RPC, and can establish direct IPv4/IPv6 outbound connections. Wallet RPC, onion, and I2P node connections are unaffected. Bitcoin Core advises relevant users to disable -privatebroadcast, disable v2 transport, or route IPv4/IP
升级到 31.1.Bitcoin Core v31.1rc1 之前通过 Tor 的 v6 出站流量已发布。此版本包括多项新功能、错误修复、性能改进和翻译更新。用户可以从Bitcoin Core官方网站下载测试版本。此更新中的关键修复之一解决了 PrivateBroadcast 功能下的 IP 地址泄漏问题。以前,在某些情况下,可能会通过明网而不是启用的隐私网络建立相关连接。 This release also includes multiple fixes across modules such as validation, P2P network, wallet migration, MuSig, build system, testing, and CI.Bitcoin developers are discussing the removal of explicit Replace-by-Fee (RBF) signaling from the Bitcoin Core wallet. D
June Blockchain Technology Update: Bitcoin Core Privacy Vulnerability Fixed, Glamsterdam Postponed, Solana SIMD Outlook
Written by: GaryMa, Wu Blockchain
The WuBlockchain summarizes key developments in the blockchain technology space for June:
Bitcoin
Bitcoin Core published a post disclosing a privacy vulnerability in the newly introduced -privatebroadcast feature of version 31.0. Under specific network conditions, this flaw could potentially expose the transaction initiator’s IP address to the receiving node; a fix will be released with version 31.1. The vulnerability occurs when the private broadcast selects an IPv4 or IPv6 node that supports BIP324 v2 transport. If the v2 handshake fails, Bitcoin Core falls back to retry via v1, but this reconnection bypasses the Tor proxy and connects directly to the peer via IPv4 or IPv6. The affected scope includes Bitcoin Core 31.0 nodes that have -privatebroadcast enabled, broadcast transactions via the sendrawtransaction RPC, and can establish direct IPv4/IPv6 outbound connections. Wallet RPC, onion, and I2P node connections are unaffected. Bitcoin Core advises relevant users to disable -privatebroadcast, disable v2 transport, or route IPv4/IPv6 outbound traffic through Tor before upgrading to 31.1.
Bitcoin Core v31.1rc1 has been released. This version includes multiple new features, bug fixes, performance improvements, and translation updates. Users can download the test version from the official Bitcoin Core website. One of the key fixes in this update addresses the IP address leakage issue under the PrivateBroadcast feature. Previously, under certain circumstances, relevant connections might be established over the clear web rather than the enabled privacy network. This release also includes multiple fixes across modules such as validation, P2P network, wallet migration, MuSig, build system, testing, and CI.
Bitcoin developers are discussing the removal of explicit Replace-by-Fee (RBF) signaling from the Bitcoin Core wallet. Developer rkrux stated that since full-RBF has become a standard policy, the BIP 125 RBF signal has become redundant and may leave unnecessary on-chain fingerprints for wallets. Community member Murch noted that stopping the transmission of replaceability signals is not a simple removal of “fingerprints” because each sender must still choose a sequence number for every input; currently, about 75% of transactions already use specific sequence numbers, primarily MAX-2. rkrux expressed that the default input sequence number should adopt best practices recognized by the broader wallet community.
Ethereum
Glamsterdam Upgrade: Ultimate L1 Scaling and MEV Fairness. Progress: The mainnet activation has been postponed to the second half of the year, with Devnet-5/6 iterations and counter-measures against new EIPs under development.
Hegota Upgrade: Censorship Resistance, Privacy Enhancement, and Node Slimming. Progress: Advancing steadily, tightly targeting the late 2026/early 2027 window. The team rejected EIP-8222 for mandatory private staking, fully retreating to and locking down FOCIL’s “ultimate censorship resistance” roadmap.
Ethereum researchers Thomas Coratger, Tom Wambsgans, and others published an article exploring the establishment of a post-quantum public key registry for validators. This initiative aims to drive the gradual migration of Ethereum’s Proof-of-Stake from BLS signatures to post-quantum secure signature schemes. The article states that the migration will take place in phases: first, a registry fork will allow validators to pre-register post-quantum public keys, followed by several subsequent forks before officially switching the signature mechanism. The candidate options focus heavily on the hash-based XMSS signature, which features a public key of just 52 bytes, though a single signature is approximately 3112 bytes, requiring the assistance of leanVM and post-quantum SNARK aggregation to reduce network overhead.
Tom Lehman, developer of EIP-8182 (the Ethereum native private transfer proposal), announced on X that the proposal has been officially Proposed for Inclusion (PFI) in the Hegotá hard fork upgrade. The proposal aims to introduce a non-mandatory, protocol-fee-free private transfer feature as a native mechanism directly into Ethereum’s underlying L1 protocol layer. By utilizing fixed-address system contracts and ZK verification precompiles, it allows all wallets and applications to share the same protocol-layer anonymity pool, breaking the fragmentation dilemma of traditional privacy applications. The system abandons token or multi-sig governance, relying entirely on Ethereum’s own hard fork network upgrades for smooth evolution. Currently, the proposal has entered the critical phase of vying for a spot on the Core Developers (ACD) hard fork schedule.
Consensys CEO Joseph Lubin stated that Ethereum could become a fully zero-knowledge-proof-based protocol within 3 to 5 years, thereby improving the base layer and enhancing composability between Ethereum and Layer 2. Lubin noted that Layer 2 has already achieved real-time zero-knowledge proof generation, and these capabilities will be introduced to Layer 1 in the future, ultimately driving Ethereum to shift toward a zero-knowledge proof protocol supported by multiple formally verified provers. He also mentioned that Linea, Gnosis, and others are leveraging zero-knowledge proofs to achieve synchronous composition of transactions across different networks, which could support a bridge-free, single atomic execution environment in the future to unify fragmented liquidity. Lubin added that there will not be a “second foundation”; at least three groups will spin off from the Ethereum Foundation, focusing respectively on core protocol work, usability and scalability, and institutional outreach.
Ethereum core developer Terence tweeted that Glamsterdam devnet-6 has been released, making significant progress toward the testnet. Among the updates, EIP-8282 introduces ePBS builder execution requests and includes two new system contracts. On the execution layer front, post-bal-devnet-7 work includes the addition of EIP-2780, EIP-8038 (repricing), EIP-7997, EIP-8246, EIP-8070 (optional), as well as adjustments to EIP-7954 (64 KiB), EIP-8037 (origin-based refunds), and EIP-7928 (BAL×7702 warm-up status quo maintained).
Ethereum L2s
Starknet announced the launch of STRK20, a zero-knowledge proof privacy framework, supporting any ERC20 asset within the network to achieve private balances and confidential transfer features. The framework utilizes zero-knowledge proof technology and can be applied to scenarios such as transfers, trading, lending, staking, and payments. Unlike traditional coin mixers, STRK20 embeds privacy functions directly into the asset flow process. It also introduces a Viewing Keys mechanism, allowing users to selectively disclose specific transaction information under legal requirements to balance privacy protection with compliance needs. The first asset to adopt STRK20 is strkBTC.
The Ethereum L2 network Base has deployed its second network upgrade, Beryl, to the Base Sepolia testnet, with plans for mainnet activation on June 25. This upgrade will introduce the B20 token standard, which can be used to issue stablecoins and other assets directly within the Base node software. B20 is compatible with ERC-20 and supports features such as signature authorization, minting/burning, supply caps, transfer policies, and freezing/seizure. Beryl will also shorten the standard withdrawal waiting time from Base to Ethereum from 7 days to 5 days, and introduce Reth V2 to reduce node disk footprint.
The Polygon zkEVM Mainnet Beta will officially cease operations on July 1, 2026, with only about two weeks remaining before the shutdown. Officials stated that users should withdraw their assets and LP positions from Polygon zkEVM before the deadline; otherwise, the relevant funds may become unrecoverable. According to the migration plan previously announced by Polygon, assets that are merely held in wallets and have not completed cross-chain transfers will automatically migrate to the Ethereum mainnet and can be claimed via a dedicated interface, whereas assets locked in DeFi protocols cannot be automatically migrated.
Arbitrum announced its latest product priority roadmap, shifting further from a scaling solution to infrastructure geared toward global financial markets. Key directions include dynamic Gas pricing, chain-level KYC/AML/OFAC compliance tools, privacy features, ZK-proof-based fast settlement, and the Universal Intents cross-chain standard connecting networks such as Ethereum, Solana, Hyperledger, and Canton. Additionally, Arbitrum plans to launch yield-bearing cross-chain bridges, real-time sequencer data streams, and Priority Gas Auctions (PGA) to enhance capital efficiency and institutional adoption.
Solana
Solana-related SIMD proposals are expected to advance to completion within this year. Among them, SIMD-123 has passed and is nearing the code-complete stage; the discussion draft for SIMD-547 shares essentially the same direction as SIMD-553, while both SIMD-553 and SIMD-550 have received concept ACK from Anza. If SIMD-550 and SIMD-553 are implemented together, they will increase the annual SOL inflation disinflation rate from 15% to 30%. Under current price assumptions, this could reduce token emissions by approximately $1.36 billion over six years, while boosting the average daily SOL burn from around 650 SOL (approx. $47,000) to a maximum of around 9,000 SOL (approx. $646,000).
BNB Chain
BNB Chain proposed the BEP-675 proposal, intending to remove the validator-side bid simulation process from the BSC MEV path. Instead of validators performing double execution on transactions, they will directly receive the BidBlock — where the transaction execution results are pre-calculated by the builder — and propose the block for confirmation. This mechanism shifts the complete EVM execution path from the validator side forward to the builder side, increasing the Gas limit by approximately 50% and extending the builder competition window from about 30% of the block time to about 45%.
Security
Zcash Foundation released Zebra 4.5.3 and 5.0.0 to fix a critical soundness vulnerability in the Orchard Action circuit. Zebra 4.5.3 temporarily disabled Orchard actions on the mainnet via an emergency soft fork at block height 3,363,426; Zebra 5.0.0 activated the NU6.2 hard fork network upgrade at block height 3,364,600, re-enabling Orchard with the corrected circuit. The Zcash Foundation stated that the vulnerability was discovered before any known exploitation, no unauthorized value creation was detected, and user privacy was not compromised. Sapling and transparent transactions operated normally during the incident. All Zebra node operators are advised to upgrade to 5.0.0 as soon as possible.
Algorand Foundation announced its post-quantum security roadmap, planning to achieve broader quantum resistance by the end of 2027. The roadmap shows that Algorand will introduce post-quantum accounts, multi-sig wallets, and staking support starting in 2026, subsequently expanding protection to core protocol components. The Algorand Foundation noted that migrating live blockchain infrastructure to post-quantum cryptography could take several years, making it necessary to prepare well ahead of the so-called “Q-Day” (the hypothetical point in time when quantum computers will be capable of breaking current digital asset cryptographic systems).
The SlowMist Security Team issued an alert stating that new malware variants (Shai-Hulud / Miasma / Hades) associated with the stolen developer account “czirker” have emerged in the npm ecosystem. Attackers trigger malicious code during the npm install process via a pre-configured binding.gyp file. Currently, 23 affected packages have been confirmed, among which leo-logger reaches 3,140 weekly downloads; additionally, 408 GitHub repositories containing stolen credentials have been discovered. The malicious activities involve stealing GitHub and npm tokens, cloud credentials (AWS / GCP / Azure), local environment data, and abusing GitHub Actions. SlowMist advises security teams to immediately inspect lockfiles and package records, remove relevant packages, rotate all critical keys, and enforce two-factor authentication (2FA).
Others
Microsoft unveiled its second-generation topological quantum chip, Majorana 2, at its annual Build conference. The company claimed its reliability is 1,000 times higher than the previous generation, with an average qubit lifetime of 20 seconds, and some lasting for about 1 minute. Microsoft stated that AI Agent tools helped the team accelerate material screening, automate measurements, and optimize manufacturing processes, anticipating that they will move closer to achieving scalable quantum computing by 2029. Decrypt pointed out that this progress has reignited external discussions regarding the future threat of quantum computing to Bitcoin’s digital signature security, but it does not mean that current quantum computing is capable of attacking Bitcoin.
The Ledger Donjon security research team disclosed a hardware vulnerability in the TROPIC01 chip used by Trezor Safe 7. This vulnerability allows attackers to bypass the firmware verification system via sophisticated laser attacks in a laboratory environment. Trezor stated that user funds, wallet backups, and private keys are not stored on this chip, and user funds remain unaffected. Tropic Square stated that all deployed production versions of the TROPIC01 chip are affected, and another attack path has been discovered that could affect the MAC-and-Destroy security mechanism; a hardened version of the chip is expected to launch by late 2026, with full technical details expected to be disclosed in the spring of 2027.
Zcash core developer Sean Bowe published a post updating the progress of Ironwood. Protocol developers from various organizations have held two meetings and agreed on multiple specification and implementation changes, including disabling the Orchard pool bundle in Coinbase transactions, using anchors as authentication data for the hardware wallet migration experience, and the processing order of ZIPs and specifications. Currently, the Ironwood circuit and the draft integration for ZIP 2005 are under review, and Valar Group has launched a testnet and implemented certain wallet-side changes. Sean Bowe stated that the formal verification work for Ironwood is moving forward, at least three major auditing firms are auditing Orchard, and multiple sets of AI auditing tools are checking the codebase, with progress currently going smoothly.
Zcash has finalized its Ironwood network upgrade plan, aiming for activation in July. This upgrade is designed to resolve the “infinite inflation” vulnerability crisis previously faced by the Orchard privacy pool. Ironwood will introduce a newly fixed privacy pool and gradually shut down the old one. Once the upgrade is complete, users and nodes running Zcash software will be able to aggregate balances from both the old and new pools to independently verify whether the total circulating supply of ZEC exceeds its hard cap of 21 million, thereby restoring market confidence in Zcash’s fixed supply mechanism under a decentralized premise.
Follow us
Twitter: https://twitter.com/WuBlockchain
Telegram: https://t.me/wublockchainenglish