Bitcoin Core v30 has a vulnerability that could lead to financial losses when upgrading older wallets.

PANews reported on January 6th that, according to Cointelegraph, Bitcoin Core developers warned users on Monday about a wallet migration vulnerability in versions 30.0 and 30.1 that could delete files and lead to financial loss. This issue only occurs under specific conditions and affects migrations of older Bitcoin Core wallets that have never been renamed or upgraded. Bitget wallet market analyst Lacie Zhang stated that the vulnerability is triggered when the software attempts to migrate an unnamed, older "wallet.dat" file stored in a custom wallet directory (usually defined via the "-walletdir" setting) while pruning is enabled. In this scenario, the migration appears to complete successfully, but the cleanup logic incorrectly deletes the entire wallet directory. Orbs community lead Shawn Odonaghue stated that the vulnerability primarily affects "very old wallet settings," and users using hardware wallets or modern wallet software are unlikely to encounter this problem.

Bitcoin Core version 30.1 was released on January 1st, and a wallet migration vulnerability was publicly disclosed on Monday. Developers have withdrawn the binaries for versions 30.0 and 30.1 from the official download website. The project advises users not to use the wallet migration tool until a fixed version, Bitcoin Core 30.2, is released, and emphasizes that existing users who have not attempted to migrate can continue to run their nodes normally.