diff --git a/wgengine/magicsock/magicsock.go b/wgengine/magicsock/magicsock.go
index b2852d2e2..dd8f27b23 100644
--- a/wgengine/magicsock/magicsock.go
+++ b/wgengine/magicsock/magicsock.go
@@ -3080,8 +3080,18 @@ func (c *Conn) updateNodes(self tailcfg.NodeView, peers []tailcfg.NodeView) (pee
 			// we don't get this far. If ok was false above, that means it's a key
 			// that differs from the one the NodeID had. But double check.
 			if ep.nodeID != n.ID() {
-				// Server error.
-				devPanicf("public key moved between nodeIDs (old=%v new=%v, key=%s)", ep.nodeID, n.ID(), n.Key().String())
+				// Server error. This is known to be a particular issue for Mullvad
+				// nodes (http://go/corp/27300), so log a distinct error for the
+				// Mullvad and non-Mullvad cases. The error will be logged either way,
+				// so an approximate heuristic is fine.
+				//
+				// When #27300 is fixed, we can delete this branch and log the same
+				// panic for any public key moving.
+				if strings.HasSuffix(n.Name(), ".mullvad.ts.net.") {
+					devPanicf("public key moved between Mullvad nodeIDs (old=%v new=%v, key=%s); see http://go/corp/27300", ep.nodeID, n.ID(), n.Key().String())
+				} else {
+					devPanicf("public key moved between nodeIDs (old=%v new=%v, key=%s)", ep.nodeID, n.ID(), n.Key().String())
+				}
 			} else {
 				// Internal data structures out of sync.
 				devPanicf("public key found in peerMap but not by nodeID")