- Seed Phrase Compromise: The main danger is that the vulnerability allows the user’s BIP39 seed phrase to be left in plaintext on the device (for example, on the hard drive in unencrypted browser session files). An attacker with physical or remote access to the victim’s computer can use this vulnerability to search for and copy the seed phrase.
- Gaining full control over the wallet: By discovering the seed phrase, the attacker gains full control over the user’s crypto assets stored in the corresponding wallet – not only Bitcoin, but also other supported cryptocurrencies. With the seed phrase, the attacker can restore the wallet on any device and instantly transfer all funds to addresses they control.
- Multiple cryptocurrencies affected: Since many multi-currency browser wallets (e.g. MetaMask, Brave, Phantom, xDEFI) allow you to manage multiple cryptocurrencies via a single seed phrase, compromising such a wallet opens access to multiple types of funds at once.
- Attack scale: A single compromise of the device is enough to obtain the funds if the session containing the seed phrase has been saved, whether the access comes through malware or through loss or theft of the computer.
- Ease of use: Users do not always realize that they are already putting their funds at risk simply by entering or viewing the seed phrase through a vulnerable extension. Even after “exiting the wallet”, a copy of the seed phrase may remain in the browser data.
Thus, by exploiting the “Demonic” vulnerability, an attacker actually gains access to a safe with keys to all your wallets, which makes this problem extremely dangerous for users who store significant amounts of Bitcoin and other cryptocurrencies through browser extensions.
Why the “Restore Session” Function Became an Entry Point for Attackers
The “Restore Session” feature became an entry point for attackers in the “Demonic” vulnerability because it automatically saves the contents of browser input fields (including seed phrase fields) to restore open tabs and data after a browser restart. In this process, BIP39 seeds entered by the user in unprotected text fields (not marked as passwords) can be saved as unencrypted data on the local disk in recovery sessions.
This means that even if the user closes the wallet or browser, a copy of the seed phrase remains on the device in clear text due to the session restore function. If an attacker gains physical or remote access to the device, they can easily find these saved sessions and extract the private seed phrase, which gives them complete control over the victim’s crypto assets.
Thus, “Restore Session” became an attack vector because:
- It saves form data (including unprotected input fields) to disk for recovery after crashes or restarts.
- Many browser wallets do not mark seed phrase fields as password fields, so the browser does not encrypt or exclude them from being saved.
- This creates a repository of local copies of sensitive data that is accessible to an attacker who gains access to the device.
As a result, the “Restore Session” feature inadvertently allowed potential attackers to gain access to critical, confidential user information, which led to the exploitation of the “Demonic” vulnerability 1 2.
What vulnerabilities in the implementation of “Restore Session” facilitate attacks
The vulnerabilities in the implementation of the “Restore Session” function that facilitate attacks are related to how browsers save and restore session data, in particular form input data, including sensitive fields. The main problems include:
- Saving unencrypted form data: If input fields (such as a crypto wallet seed) are not marked as secure (password-type), the browser saves their contents in clear text on the local disk in recovery sessions. This creates a risk of data compromise if an attacker gains access to the device.
- Failure to properly classify sensitive fields: In the case of the “Demonic” vulnerability, it was the fact that the seed fields were not marked as password-type that allowed the browser to save their contents for session recovery, instead of excluding them from saving or encrypting them.
- Session ID and Session Control Logic Vulnerabilities: Web applications and browsers sometimes fail to properly clean up or expire sessions. If a session is not properly terminated, sensitive data may remain available longer than necessary 5.
- Weak authentication and access control mechanisms: Insufficient access control to session data and weak authentication may allow attackers to extract data from stored sessions 5.
- Lack of encryption of stored session data: If session data is stored unencrypted on the device, it can be easily accessed by an attacker if the device is compromised.
Taken together, these vulnerabilities make the Restore Session feature a potential entry point for attacks, especially when sessions contain data such as seeds. The primary risk factor is the mishandling of sensitive information and its storage unencrypted in session data, allowing an attacker with access to the device to obtain critical information.
To prevent such vulnerabilities, it is recommended to:
- Properly mark sensitive data input fields (e.g. as password-type).
- Limit the storage of sensitive data in sessions.
- Use encryption for stored session data.
- Ensure timely cleanup and termination of sessions.
- Strengthen authentication and access control for session data.
Thus, vulnerabilities in “Restore Session” are related to improper handling and storage of sensitive session data and to the lack of proper protections and controls on the browser and application side 5.
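The first recommendation above can be checked mechanically before a wallet UI ships. The following is an added example, not code from the original page or from any wallet project: it audits form markup for seed-phrase fields that are not password-type and would therefore be eligible for session-restore persistence. The hint keywords, attribute list and sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: substrings that suggest a field holds a recovery phrase.
SEED_HINTS = ("seed", "mnemonic", "recovery", "secret phrase")
HINT_ATTRS = ("id", "name", "placeholder", "aria-label")


class SeedFieldAuditor(HTMLParser):
    """Collects seed-phrase fields whose value a browser may save as form data."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "textarea"):
            return
        a = {k: (v or "") for k, v in attrs}
        text = " ".join(a.get(k, "") for k in HINT_ATTRS).lower()
        if not any(hint in text for hint in SEED_HINTS):
            return
        label = a.get("id") or a.get("name") or "<unnamed>"
        if tag == "textarea":
            # A textarea has no password mode, so it is always a plain text field.
            self.findings.append((label, "textarea cannot be password-type"))
        elif a.get("type", "text").lower() != "password":
            self.findings.append((label, f"type={a.get('type', 'text')!r}, not password"))


def audit_form(html):
    """Returns (field, reason) pairs for seed fields that are not password-type."""
    auditor = SeedFieldAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed markup for illustration, not taken from any real wallet.
SAMPLE = """
<form>
  <input id="import-word-0" name="mnemonic-word-0" type="text">
  <textarea id="seed-phrase-box" placeholder="Enter recovery phrase"></textarea>
  <input id="seed-word-1" type="password">
  <input id="wallet-name" type="text">
</form>
"""
```

Running `audit_form` over rendered onboarding and import screens in a test suite turns the "mark seed fields as password-type" rule into a regression check.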
Why Predictability of Identifiers in “Restore Session” Is Vulnerable to Attacks
Predictability of identifiers in the implementation of the “Restore Session” function is vulnerable to attacks because predictable or consistent values of session identifiers allow an attacker to easily guess or calculate the actual identifier of another session. This allows unauthorized access to the restored session data, including sensitive information such as cryptocurrency wallet seeds.
Specifically why predictability is dangerous:
- Ease of session forgery: If session identifiers are generated according to a predictable pattern (e.g. a simple counter or an easily calculated value), an attacker knowing or guessing one identifier can gain access to other active sessions.
- Lack of sufficient entropy: Lack of randomness in identifiers leads to them being guessed or calculated with high probability.
- Access to unencrypted data: With the Demonic vulnerability and similar scenarios, recovered sessions can store sensitive data (seed phrases, etc.) in unencrypted form, accessible to those with the session ID.
- Lack of robust permissions checking: If a web application or browser does not check the appropriate permissions for a session, an attacker can guess the ID and gain access to someone else’s data.
In total, this creates a risk of compromising sensitive information stored in recovery sessions, especially if the sessions contain sensitive data (such as crypto wallet seeds) that can be extracted and used to steal cryptocurrency 1.
This is a classic security problem in session management, highlighting the need to generate cryptographically strong, random, and unique session identifiers, and to properly handle and encrypt session data.
The “Demonic” vulnerability (CVE-2022-32969) can facilitate the theft of BTC coins of the Bitcoin cryptocurrency and other cryptocurrencies in the following ways:
What is the weak point of ID generation in “Restore Session”
The weakness of the identifier generation in the “Restore Session” function is that these identifiers may be predictable or have low entropy, i.e. not random and unique enough. This creates the following security risks:
- If session IDs are generated using a simple, consistent, or predictable pattern (e.g. counters or easily computed values), an attacker can guess or brute-force active IDs of other sessions.
- Predictability makes it possible to gain unauthorized access to recovered sessions that may contain sensitive data (e.g. unencrypted crypto wallet seed phrases).
- The lack of sufficient cryptographic randomness and security of identifiers violates the isolation of sessions between different users.
- In the case of the Demonic vulnerability, it was this ability to access other people’s sessions via predictable identifiers that allowed attackers to extract critical information stored in recovery sessions.
Thus, the weakness is the insufficiently secure, non-randomized and easily guessable mechanism for generating session identifiers for the session recovery function (“Restore Session”), which leads to an increased risk of compromising sensitive data on the user’s device. Without generating cryptographically strong and unique session identifiers, the protection of session recovery data becomes unreliable.
The following demonstration models the vulnerability in session ID generation: the IDs come from a sequential counter and are used to restore sessions holding confidential data (for example, unencrypted Bitcoin wallet seed phrases). The script shows how the IDs of other sessions can be predicted or enumerated to reach their data.
```python
class SessionManager:
    def __init__(self):
        self.sessions = {}
        self.next_id = 1  # vulnerable session counter

    def create_session(self, seed_phrase):
        session_id = self.next_id
        self.next_id += 1
        self.sessions[session_id] = {
            "seed_phrase": seed_phrase  # sensitive data stored without encryption
        }
        return session_id

    def restore_session(self, session_id):
        # No access check: predictable restore by ID
        return self.sessions.get(session_id, None)


# Usage demonstration:
if __name__ == "__main__":
    manager = SessionManager()

    # Create three sessions with seed phrases
    id1 = manager.create_session("seed1_word1 seed1_word2 seed1_word3")
    id2 = manager.create_session("seed2_word1 seed2_word2 seed2_word3")
    id3 = manager.create_session("seed3_word1 seed3_word2 seed3_word3")
    print(f"Session created with ID {id1}")
    print(f"Session created with ID {id2}")
    print(f"Session created with ID {id3}")

    # The attacker knows or guesses that the ID is a simple counter starting at 1
    print("\nTrying to restore sessions by guessing sequential IDs...")
    for possible_id in range(1, 5):
        session = manager.restore_session(possible_id)
        if session:
            print(f"Accessed session {possible_id}: Seed phrase: {session['seed_phrase']}")
        else:
            print(f"Session {possible_id} does not exist.")
```
Explanation:
- The identifiers are generated as a simple sequence (1, 2, 3 …), which makes it possible to guess existing sessions.
- Sessions store confidential data (seed phrases) without encryption.
- The restore_session function allows you to get session data by ID without checking authorization.
- The consequence is a vulnerability: anyone who guesses the generation scheme can gain access to any sessions by brute-forcing the ID.
This demo reflects the problem with low entropy and predictability of session identifiers in critical applications such as storing private keys or crypto wallet seeds. For real applications, it is recommended to use cryptographically strong random values for session identifiers and mandatory access rights checking when restoring sessions.
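For contrast with the `SessionManager` demo, here is an added example (not code from the original page) of the same store with the recommended controls applied: identifiers from the OS CSPRNG, an owner check on restore, expiry, and refusal to store a seed phrase at all. The class name, the owner-token scheme and the 15-minute lifetime are assumptions chosen for illustration.

```python
import hmac
import secrets
import time


class HardenedSessionManager:
    """Restore-session store with unguessable IDs, owner checks and expiry."""

    def __init__(self, ttl_seconds=900):
        self.sessions = {}
        self.ttl = ttl_seconds

    def create_session(self, ui_state):
        # Limit what is stored: only non-secret UI state is restorable.
        if "seed_phrase" in ui_state:
            raise ValueError("seed phrase must not be stored in a session")
        session_id = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        owner_token = secrets.token_urlsafe(32)  # handed only to the creator
        self.sessions[session_id] = {
            "owner": owner_token,
            "state": dict(ui_state),
            "expires": time.monotonic() + self.ttl,
        }
        return session_id, owner_token

    def restore_session(self, session_id, owner_token):
        record = self.sessions.get(session_id)
        if record is None:
            return None
        if time.monotonic() >= record["expires"]:
            del self.sessions[session_id]        # timely cleanup of stale sessions
            return None
        # Access check, compared in constant time.
        if not hmac.compare_digest(record["owner"].encode(), owner_token.encode()):
            return None
        return record["state"]


def enumerate_ids(manager, candidates, token="guess"):
    """Replays the counter-guessing loop; returns the IDs that restored (none)."""
    return [c for c in candidates if manager.restore_session(c, token) is not None]
```

Even a caller who somehow learns a valid session ID gets nothing back without the matching owner token, and no restored record can contain a seed phrase.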
- https://www.ptsecurity.com/ru-ru/research/analytics/rynok-kiberprestupnosti/
- https://aml.university/d/844tioCCL91oKA5vDZATJjwrb92DS9zXiUTv2kCX
- https://eec.eaeunion.org/upload/medialibrary/71f/Doklad_FINAL.pdf
- https://www.rbc.ru/crypto/news/61f3ee4f9a79478187b82058
- https://bdc.consulting/ru/blog/cases/must-have-trading-tools-for-crypto-traders
- https://dtf.ru/top-smm/3517584-aml-proverka-bitkoinov-v-rossii-top-2025
- https://ptsecurity.com/ru-ru/research/analytics/ico-threats/
- https://wundertrading.com/journal/ru/learn/statja/lychshie-indicatori-kripto-rinka
- https://cyberleninka.ru/article/n/legalizatsiya-kriptovalyuty-v-rossii-problemy-i-perspektivy
- https://www.dentsplysirona.com/content/dam/master/product-procedure-brand-categories/imaging/product-categories/software/imaging-software/ifu/IMG-IFU-Sidexis-4-Version-4.3.1-RU-6531037-2023-11-17.pdf
- https://public.dhe.ibm.com/software/products/ISP/current/813/8.1.3_Protect_KC_ru.pdf
- https://studfile.net/preview/9810073/page:16/
- https://www.bsuir.by/m/12_100229_1_191970.pdf
- http://www.cubase-sx.ru/60-r12/index.htm
- https://2ch.life/s/arch/2020-06-23/res/2775128.html
- https://official.satbayev.university/download/documentPhd/28373/PhD%20Thesis.pdf
- https://dokumen.pub/1nbsped-9785001464723-9781491925614.html
- https://ics-cert.kaspersky.ru/media/KICS-CERT-Codesys-Ru.pdf
- https://cyberleninka.ru/article/n/evolyutsiya-vzaimodeystviya-rossii-i-ssha-v-oblasti-mezhdunarodnoy-informatsionnoy-bezopasnosti-v-istoricheskoy-retrospektive
- http://www.dipacademy.ru/documents/2351/%D0%92%D0%B5%D1%81%D1%82%D0%BD%D0%B8%D0%BA__1-2021.pdf
- https://mgimo.ru/upload/2021/05/mezhdunarodnaya-analitika-4-11.pdf
- https://docs.altlinux.org/ru-RU/alt-server/10.4/pdf/alt-server/alt-server-10.4-alt-server-ru-RU.pdf
- https://retailweek.ru/news.html
- https://www1.jinr.ru/publish/Proceedings/SovremennyeProblemyRadiobiologii.pdf
- https://vestnik43.ru/1(33)-2024.pdf
- https://book.ivran.ru/f/—trudy-iv-ran-8-vypusk-ver-09-06-2018.pdf
- https://fir.bsu.by/images/elib/2020_sbornik_SNS.pdf
- https://habr.com/ru/companies/pt/articles/268779/
- https://mpei.ru/Structure/Universe/tanpe/structure/astpc/DocLib/library/%D0%92%D1%8B%D0%BF%D1%83%D1%81%D0%BANo.36%20%D0%97%D0%B0%D1%89%D0%B8%D1%82%D0%B0%20%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%20%D0%BE%D1%82%20%D0%BA%D0%B8%D0%B1%D0%B5%D1%80-%D0%B0%D1%82%D0%B0%D0%BA.pdf
- http://book.itep.ru/6/intrusion.htm
- https://sec.ussc.ru/1c_safe
- https://skillbox.ru/media/code/owasp-top-10-samye-rasprostranyennye-uyazvimosti-vebprilozheniy/
- https://www.dokwork.ru/2012/01/blog-post.html
- https://cyberleninka.ru/article/n/analiz-uyazvimostey-protokola-rdp-i-metody-ih-predotvrascheniya
- https://nemesida-waf.ru/articles/1533
- https://cyberleninka.ru/article/n/issledovanie-profilya-uyazvimostey-aviatsionnogo-personala-k-sotsioinzhenernym-atakam
- https://cqr.company/ru/web-vulnerabilities/session-hijacking/
- https://cyberpolygon.com/ru/materials/hunting-for-advanced-tactics-techniques-and-procedures-ttps/
- https://rt-solar.ru/solar-4rays/blog/4753/
- https://hlmod.net/threads/softovyj-razgon-kompjutera-ili-nastraivaem-windowsxp-sp2.157/
- https://answers.microsoft.com/message/25211f6f-66df-4853-ba5f-20ca4f545726?threadId=47929624-8f2b-4cef-aa62-74f11406d3f6
- https://habr.com/ru/articles/326148/
- https://img.kaspersky.com/oh/KESWin/11.11.0/ru-RU/KESWin-11.11.0-ru-RU.pdf
- https://factor-ts.ru/man/DionisNX/2.0-1/%D0%A0%D1%83%D0%BA%D0%BE%D0%B2%D0%BE%D0%B4%D1%81%D1%82%D0%B2%D0%BE_%D0%BF%D0%BE_%D0%BD%D0%B0%D1%81%D1%82%D1%80%D0%BE%D0%B9%D0%BA%D0%B5_%D0%9F%D0%9E_2.0-1.pdf
- https://ftp.dlink.ru/pub/Switch/DGS-1210-52P_ME/Description/Manual_DGS-1210_ME_B_Series_CLI.pdf
- https://docs.usergate.com/pdf_manuals/ngfw/ngfw-7.1.x-manual.pdf
- https://identityblitz.ru/products/blitz-identity-provider/documentation/admin_guide.pdf
