Lede
Bitcoin Core developers issued an urgent warning on Monday regarding a critical wallet migration bug discovered in software versions 30.0 and 30.1. This vulnerability is classified as a high-risk event because it has the direct potential to delete files and result in a permanent loss of funds for users who encounter the flaw. The issue is not a general threat to every person running a node, but it occurs under specific conditions related to the transition of data from older wallet formats. Developers have moved to inform the community about these risks to prevent accidental data erasure during routine software maintenance.
The bug specifically impacts migrations involving old Bitcoin Core wallets that have never been renamed or upgraded throughout their lifecycle. Because the migration process involves moving and reconfiguring sensitive wallet data, any failure in the underlying software logic can lead to irreversible financial consequences. In this particular instance, the flaw is linked to the cleanup logic used by the software after a migration attempt. Bitcoin Core developers have officially cautioned users against utilizing the migration features in the impacted versions to ensure their private keys and funds remain secure. By publicly disclosing the issue, the project aims to minimize the risk of users losing access to their assets during the upgrade process.
Context
The timeline for this technical issue began with the release of Bitcoin Core version 30.1, which was launched on January 1. Following its deployment, developers and analysts identified the exact triggers for the migration flaw. Lacie Zhang, a market analyst at Bitget Wallet, provided details on how the bug is activated within the software environment. It specifically occurs when the Bitcoin Core application attempts to migrate an unnamed legacy “wallet.dat” file, which is the default naming convention for many older wallet setups that have not been manually modified by the user.
A critical factor in triggering this bug is the storage location of the wallet file. It must be located in a custom wallet directory, a configuration that is frequently defined by users through the “-walletdir” setting in the software. Furthermore, the bug only manifests when the node has the pruning feature enabled. Pruning is a common method used by node operators to save disk space by deleting old block data, but in versions 30.0 and 30.1, the interaction between this feature and the wallet migration cleanup logic is flawed. When an unnamed legacy file is migrated from a custom directory while pruning is active, the software may mistakenly delete the entire wallet directory, resulting in the removal of all local wallet files despite the migration appearing to have completed successfully.
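The trigger conditions described above can be checked before any migration is attempted. The following is an added example, not code from Bitcoin Core or from the advisory: the function names are hypothetical, it assumes the options are set in bitcoin.conf rather than on the command line, and it recognises a legacy wallet by the Berkeley DB magic number at byte offset 12 of the file.

```python
import tempfile
from pathlib import Path

AFFECTED = {(30, 0), (30, 1)}  # releases named in the warning
# Berkeley DB btree magic at byte offset 12, in either byte order.
BDB_MAGICS = ((0x00053162).to_bytes(4, "little"), (0x00053162).to_bytes(4, "big"))

def read_conf(text):
    """Parse bitcoin.conf text; keep global and [main] options only."""
    opts, section = {}, "main"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section == "main":
            key, value = line.split("=", 1)
            opts.setdefault(key.strip(), value.strip())  # keep first occurrence
    return opts

def is_legacy_bdb(path):
    """True if the file carries a Berkeley DB header (legacy wallet format)."""
    with open(path, "rb") as f:
        head = f.read(16)
    return head[12:16] in BDB_MAGICS

def migration_risk(version, conf_text):
    """Return (at_risk, checks); at_risk only if every trigger condition holds."""
    opts = read_conf(conf_text)
    major, minor = (int(p) for p in version.lstrip("v").split(".")[:2])
    walletdir = opts.get("walletdir")
    wallet = Path(walletdir) / "wallet.dat" if walletdir else None
    checks = {
        "affected_version": (major, minor) in AFFECTED,
        "custom_walletdir": walletdir is not None,
        "pruning_enabled": opts.get("prune", "0") != "0",  # prune=0 is off
        "unnamed_legacy_wallet": bool(wallet and wallet.is_file()
                                      and is_legacy_bdb(wallet)),
    }
    return all(checks.values()), checks

def demo():
    """Constructed sample: fake BDB header in a temporary custom walletdir."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "wallet.dat").write_bytes(b"\0" * 12 + BDB_MAGICS[0] + b"\0" * 16)
        conf = f"prune=550  # constructed sample\nwalletdir={d}\n[test]\nprune=0\n"
        return migration_risk("30.1", conf), migration_risk("30.2", conf)

if __name__ == "__main__":
    for at_risk, checks in demo():
        print("DO NOT MIGRATE" if at_risk else "conditions not all met", checks)
```

A result of `True` means the configuration matches every condition listed above; a `False` result does not replace an external backup of the wallet file.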
Impact
The impact of this migration bug is heightened by the overwhelming dominance of the Bitcoin Core implementation within the network. According to data, Bitcoin Core currently accounts for approximately 78% of all reachable Bitcoin nodes. This concentration means that a bug in this specific software version has an outsized influence on the wider Bitcoin ecosystem compared to other implementations. For instance, alternative node software such as Bitcoin Knots accounts for almost 22% of the reachable node population. Because the majority of the network relies on a single implementation, even a specialized bug affecting legacy wallet migrations can pose a broad risk to user security and asset safety.
The primary danger for individual users is the irreversible nature of the file deletion. If the software mistakenly deletes the wallet directory during a migration, and the user does not possess an external backup of their “wallet.dat” file, the loss of funds is effectively guaranteed. Since all local wallet files are removed from the system, there is no way to recover the private keys or the associated bitcoin once the cleanup logic has executed incorrectly. This vulnerability underscores the significant risks associated with software concentration, where a single bug in a dominant implementation can lead to widespread financial harm. Although the bug is not considered consensus-critical, its ability to cause direct asset loss makes it a high-priority issue for the community.
Outlook
In response to the discovery of the migration flaw, the Bitcoin Core project has identified version 30.2 as the official fixed release. This upcoming version is designed to resolve the cleanup logic errors found in versions 30.0 and 30.1, allowing users to safely perform wallet migrations without the risk of accidental file deletion. To mitigate immediate risks, developers have already pulled the binaries for the affected versions from the official download site and have publicly disclosed the bug to warn the community. Users are strongly advised to avoid using any wallet-migration tools until they have successfully updated their software to version 30.2 or a later release.
For users who are not currently attempting to migrate older legacy wallets, the outlook remains stable. Developers have clarified that these individuals can continue to run their existing nodes as normal without being threatened by this specific migration bug. However, the event serves as a critical reminder for all users to maintain external backups of their data directories and wallet files. The Bitcoin Core project’s rapid response in identifying the fix and pulling faulty versions is intended to limit the number of users who might experience fund loss. Moving forward, users are encouraged to verify their software version and wallet type before proceeding with any major updates to ensure they are protected from the conditions that trigger the migration vulnerability.