What is a Replay Attack

NFTing
5 min read · Oct 11, 2022

Replay Attack Explained

Blockchain technology is secured by cryptography and is decentralized and distributed, which makes it difficult to infiltrate and corrupt. However, despite being designed as a tamper-proof, democratic, and immutable technology, blockchain is still not immune to cyberattacks. In fact, a study by a professor from Bentley University points out that the preventive mechanisms of blockchain, such as cryptography, anonymity, and distributed consensus, can diminish its resistance to other types of cyberattacks and fraud.

In this article, we will take a look at one of the most prominent cyberattacks that affect blockchain technology today: replay attacks.

Defining Replay Attack

A replay attack is commonly referred to as a man-in-the-middle attack. It happens when a hacker or malicious actor secretly connects to a secure network, intercepts data, and tweaks it so that the data or transaction is delayed or repeated to the detriment of the originator. Replay attacks in the blockchain space usually happen during chain splits or hard forks.

Replay attacks exploit the need for the original data to be validated. This validation request is typically sent by an authorized user. Even though a replay attack directly targets the network, the network's security protocols will view it as a standard transmission of data. This essentially defeats the cryptography aspect of blockchain networks, making replay attacks a strategy of choice for malicious entities who target blockchain.

How does Replay Attack work?

When a blockchain ledger goes through a hard fork, a.k.a. a protocol upgrade, it splits into two versions: one running the legacy software and the other running the updated version. Hard forks are supposed to upgrade the ledger, but in some cases they can also branch out into new cryptocurrencies.

During hard forks, it is possible for attackers to perform replay attacks on blockchain ledgers. Specifically, when a user makes transactions on one ledger with a wallet that was valid before the hard fork, the transactions will also be valid on the other ledger, after which the same amount of funds can be transferred to a wallet. Replay attacks can be performed countless times unless stopped by the network.

Here is a real-world example of this kind of cyberattack:

A staff member at a company asks for a financial transfer by sending an encrypted message to the company’s financial administrator. An attacker eavesdrops on this message, captures it, and is now in a position to resend it. Because it’s an authentic message that has simply been resent, the message is already correctly encrypted and looks legitimate to the financial administrator.

In this scenario, the financial administrator is likely to respond to this new request unless he or she has a good reason to be suspicious. That response could include sending a large sum of money to the attacker’s bank account.

Why does Replay Attack matter in the crypto world?

Even though it’s relatively easy to defend against these attacks, their effects on the crypto world are substantial. Keep in mind that replay attacks aren’t considered to be serious cybersecurity attacks, since they’re limited in scope and there are many methods for preventing them. Still, this cyberattack will cost users and networks considerable amounts.

When a blockchain fork occurs, its ledger and protocol will be effectively split, which means that two completely separate protocols govern two ledgers. There’s even the possibility for a fork to create new cryptocurrencies, as with Ethereum and Bitcoin. If someone is sent some cryptocurrency tokens from another individual via the blockchain, the first person could then move over to the separate blockchain before replicating the transaction, which would allow them to send the same number of crypto units to their account.

Replay Attacks

Here are some cases of replay attacks. Most of the attacks happened during the early days of cryptocurrencies.

Ethereum Classic hard fork

In 2016, Ethereum was hacked and the community decided to vote for a hard fork.

The new chain kept the original name Ethereum (ETH) and focused on improving efficiency and scalability with the Proof of Stake mechanism, while the old chain was named Ethereum Classic (ETC) and still had the Proof of Work mechanism. The structure of both chains is the same; therefore, a valid transaction on Ethereum was also valid on Ethereum Classic and vice versa.

At the time, most people thought Ethereum Classic would no longer be active, and did not pay attention to the possibility of replay attacks on both chains. Then miners who were keeping the ETC network running started to notice that transactions on Ethereum could be replayed on Ethereum Classic.

At the time the Ethereum hard fork took place, exchanges did not realize that when a user withdraws ETH from the platform, they may receive the same amount of ETC. Many people took advantage of this error to repeatedly deposit and withdraw ETH on exchanges to get extra ETC. Finally, some exchanges such as Yunbi and BTC-e announced the emergence of replay attacks on their platforms, causing almost all ETC to be lost.

Bitcoin Cash hard fork

The case of Bitcoin Cash (BCH) and Bitcoin (BTC) was the same. After the hard fork took place in August 2017, a user with just 1 BTC would have 1 BTC and an additional 1 BCH. Moreover, the transaction history also showed some cases where replay attacks caused users who made transactions with BTC to also lose their BCH.

This was due to transactions being valid on both chains. Hackers followed transactions on one chain, then duplicated them on the other chain. Therefore, making transactions on Bitcoin would cause assets on Bitcoin Cash to be lost.

How to avoid Replay Attacks?

At the moment, most blockchains have installed security protocols to prevent this type of attack, including 2 notable tools:

  • Strong replay protection: A marker will automatically be added to the new blockchain after the hard fork, ensuring that transactions made on the new blockchain will not be valid on the original chain and vice versa.
  • Opt-in replay protection: Users will mark their transactions themselves so the transactions are no longer valid on the other chain. This means that users need to manually make changes to the transactions.
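The effect of a chain marker can be shown with a small model, given here as an added example that is not code from the article or from any blockchain client. It assumes the marker is a chain name mixed into the signed data, uses HMAC as a stand-in for the wallet's digital signature, and all names and values are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample values (assumptions, not taken from the article).
LEGACY_CHAIN = "legacy-chain"
FORKED_CHAIN = "forked-chain"
USER_KEY = b"constructed-demo-key"  # stand-in for the wallet's signing key

# Which marker each chain requires inside the signed data (None = no marker).
NO_PROTECTION = {LEGACY_CHAIN: None, FORKED_CHAIN: None}
STRONG_PROTECTION = {LEGACY_CHAIN: None, FORKED_CHAIN: FORKED_CHAIN}


def sign(tx, chain_marker=None):
    """Sign the transaction, binding it to a chain only when a marker is given.
    HMAC stands in for a real signature so the example needs no extra library."""
    body = dict(tx)
    if chain_marker is not None:
        body["chain"] = chain_marker
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(USER_KEY, data, hashlib.sha256).hexdigest()


def node_accepts(rules, node_chain, tx, signature):
    """A node recomputes the signed data under its own chain's rules."""
    expected = sign(tx, rules[node_chain])
    return hmac.compare_digest(expected, signature)


def replay_matrix(rules):
    """Sign one transaction for each chain, then submit it to every chain."""
    tx = {"from": "alice", "to": "bob", "amount": 1, "nonce": 7}
    result = {}
    for signed_for in rules:
        signature = sign(tx, rules[signed_for])
        for node_chain in rules:
            result[(signed_for, node_chain)] = node_accepts(
                rules, node_chain, tx, signature)
    return result


if __name__ == "__main__":
    for name, rules in (("no protection", NO_PROTECTION),
                        ("strong protection", STRONG_PROTECTION)):
        print(name)
        for (signed_for, node), ok in replay_matrix(rules).items():
            print(f"  signed for {signed_for}, sent to {node}: accepted={ok}")
```

Without a marker every signature is accepted on both chains; with the marker each signature is accepted only on the chain it was signed for.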

In addition, users can avoid making transactions when hard forks take place. When there are no transactions, hackers have nothing to replay on the new chain, therefore helping to protect users’ assets.

Some other simple methods are:

  • Using one-time passwords when making transactions. This method is commonly used by banks.
  • Adding timestamps to messages to prevent attackers from resending them, and rejecting requests that exceed the specified time frame.
  • Using session keys, which are one-time symmetric keys used to encrypt all messages in a communication session.
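For the message scenario described earlier (a transfer request that is captured and resent), the following added example, which is not from the original article, shows a receiver that combines a timestamp window with a one-time value per message. The nonce field, the 30-second window, the key and the message text are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

SESSION_KEY = b"constructed-session-key"  # constructed; shared for one session
MAX_AGE_SECONDS = 30                      # assumed acceptance window


def seal(payload, nonce, sent_at):
    """Sender side: authenticate the payload together with nonce and timestamp.
    JSON encoding keeps the three fields unambiguous inside the MAC input."""
    data = json.dumps([sent_at, nonce, payload]).encode()
    tag = hmac.new(SESSION_KEY, data, hashlib.sha256).hexdigest()
    return {"payload": payload, "nonce": nonce, "sent_at": sent_at, "tag": tag}


class Receiver:
    def __init__(self):
        self.seen = {}  # nonce -> sent_at, kept only while inside the window

    def accept(self, msg, now):
        expected = seal(msg["payload"], msg["nonce"], msg["sent_at"])["tag"]
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        if abs(now - msg["sent_at"]) > MAX_AGE_SECONDS:
            return "rejected: stale timestamp"
        # Drop nonces whose messages the timestamp check alone now rejects,
        # so the cache stays bounded by the window.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_AGE_SECONDS}
        if msg["nonce"] in self.seen:
            return "rejected: replayed nonce"
        self.seen[msg["nonce"]] = msg["sent_at"]
        return "accepted"


if __name__ == "__main__":
    receiver = Receiver()
    request = seal("transfer 500 to account 42", "n-001", 1000)
    print(receiver.accept(request, now=1005))  # first delivery
    print(receiver.accept(request, now=1010))  # same message resent in window
    print(receiver.accept(request, now=1100))  # same message resent later
```

The timestamp alone leaves a gap for resends inside the window; the nonce cache closes it, and the timestamp in turn lets the receiver forget old nonces.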

Final Thoughts

Replay attacks are a real threat to network security. Unlike other attacks in the blockchain and crypto space, replay attacks do not rely on the decryption of data, making them an effective workaround for malicious actors who are increasingly confronted with secure encryption protocols. With hard forks being used to upgrade or split blockchains, blockchains become more vulnerable to this cyberattack.

As blockchain technology continues to evolve, more and more solutions to replay attacks will exist to eliminate them entirely. In particular, the integration of strong replay protection can guarantee that attackers will be unable to replicate transactions after a hard fork takes place.
