What is the critical bug in Bitcoin Core v30 that affects legacy wallets?
Critical Bitcoin Core v30 Bug: Protect Your Funds During Legacy Wallet Upgrades
Introduction: Why Legacy Wallet Upgrades Need Extra Care
Reports circulating in the community warn of a critical issue in pre‑release builds branded as “Bitcoin Core v30” that may affect upgrades from legacy wallet.dat files to modern descriptor wallets. Regardless of how this specific bug evolves, legacy-to-descriptor migration has always been one of the highest‑risk operations for Bitcoin users. This guide explains what’s at stake and how to upgrade safely without putting your coins at risk.
Note: As of 2025, always verify the latest stable version and advisories on bitcoincore.org and the Bitcoin Core GitHub. Treat any “v30” download that is not a tagged stable release as experimental, and proceed only after confirming signatures and release notes.
Legacy vs. Descriptor Wallets: What’s Actually at Risk
Legacy wallets (Berkeley DB wallet.dat) were the norm for years. Modern descriptor wallets explicitly define spending conditions (single-sig, multisig, taproot, etc.) and generally offer safer, more transparent key management. But migration is delicate, especially if you rely on:
- Imported private keys and watch‑only addresses
- Multisig or custom scripts (including miniscript/taproot policies)
- Large keypools and nonstandard change paths
- Pruned nodes that can’t fully rescan history
In worst cases, a faulty upgrade path can omit keys, miss change outputs, or lose metadata needed to detect existing UTXOs-making funds appear missing.
Immediate Safety Checklist for Any v30 or Major Upgrade
- Confirm version status: read the latest release notes and security advisories on bitcoincore.org and the official GitHub. Avoid unofficial builds.
- Verify signatures: check PGP signatures of binaries; prefer Guix‑built releases from reputable maintainers.
- Make multiple backups: copy wallet.dat and the entire wallet directory to offline media. Use the RPC
backupwalletand also manual file backups with the node shut down. - Export keys offline: use
dumpwalletin an air‑gapped environment to create a full key export (store securely, encrypted, never upload). - Disable auto‑upgrades: do not open a legacy wallet in a new major version until you’ve rehearsed the migration on a throwaway machine.
- Test restore: on a separate machine or VM, restore from your backup and confirm all balances and addresses appear before touching your main setup.
- Keep your node unpruned for migration: if you run in prune mode, consider syncing a non‑pruned node temporarily to enable full rescans.
Common Risk Areas and Mitigations
| Risk Area | Mitigation |
|---|---|
| Imported/watched scripts not captured | Manually re‑import via importdescriptors or importmulti with rescan |
| Change addresses missed | Verify descriptor ranges and keypool; rescan from before first use |
| Pruned node can’t rescan | Use a non‑pruned node for migration, then return to prune later |
| Unverified binaries | Verify PGP signatures; only download from official sources |
Safe Migration Path: From Legacy wallet.dat to Descriptor Wallets
If you choose to migrate rather than wait for a bugfix or patch, follow a conservative, audit‑friendly process.
1) Prepare a fresh descriptor wallet
- Use
createwalletwithdescriptors=trueto create a new, empty descriptor wallet. - Record the wallet name and path; encrypt it and set a strong passphrase.
2) Export from legacy wallet securely
- Shut down Bitcoin Core cleanly; back up wallet.dat and the whole data directory.
- On an offline machine, use
dumpwalletto export all keys. Store the file securely (encrypted, offline).
3) Import into the descriptor wallet
- Construct proper descriptors for your key types (e.g.,
wpkh(),sh(wpkh()),wsh(multi()),tr()where appropriate). - Use
importdescriptors(orimportmultifor legacy script paths) with a sufficiently early timestamp andrescan=true. - If the node is pruned, temporarily use a full node for the rescan to avoid missing historical UTXOs.
4) Validate before moving funds
- Check
getwalletinfo,getbalances, andlistdescriptorsin the new wallet. - Compare address lists and UTXOs between legacy and descriptor wallets.
- Send a small test transaction from the descriptor wallet; confirm receipt and change accounting.
Audit and Rollback: Don’t Spend Until You’re Sure
Even after a seemingly successful migration, keep your legacy wallet in cold storage as a read‑only fallback until you’ve:
- Matched UTXO counts and balances in both wallets
- Verified that change addresses are derived by your descriptors
- Completed a full rescan without missing transactions
If anything looks off, stop and roll back: close the new wallet, restore from backups, and wait for an official patch or follow community‑reviewed procedures. For complex setups (multisig, Miniscript, hardware wallets), consider PSBT‑first workflows and independent verification with a second implementation (e.g., HWI or another descriptor‑aware tool) before spending.
Track Official Guidance and Community Signals
- Monitor Bitcoin Core release notes and security advisories.
- Search the GitHub issue tracker for wallet upgrade/migration regressions.
- Follow reputable developers and organizations for patch announcements.
Conclusion: Caution Now, Confidence Later
Upgrading a legacy wallet to descriptors is worth doing, but only with disciplined backups, verified binaries, and a test‑first approach. If you see alerts about a v30 upgrade bug-or any major‑version regression-pause, back up, and validate on a separate machine. By migrating via a fresh descriptor wallet, performing a full rescan, and auditing UTXOs and change behavior, you can protect your coins while staying current with Bitcoin Core’s modern wallet architecture.
