What is Replay attack?
As the name implies, a replay attack, also known as a playback attack, is a type of cyber attack where the attacker intercepts a secure network connection, then resends a valid data transmission. Since the original data comes from an authorized user and is intercepted straight from a network, the attacker doesn’t need to decrypt them.
This type of exploit happens when forked cryptocurrencies allow transactions to be valid on both chains. It allows attackers to gain access to valuable information stored on networks. In some cases, financial institutions duplicating transactions may also allow attackers to steal victims’ funds and assets.
How do replay attacks work?
When blockchain ledgers go through hard forks, a.k.a protocol upgrades, it splits into two versions: one using the legacy software and the other one uses the updated version. Hard forks are supposed to upgrade the ledger, but can also branch out into new cryptocurrencies in some cases.
During hard forks, it is possible for attackers to perform replay attacks on blockchain ledgers. Specifically, when a user makes transactions on one ledger with a wallet that’s valid before the hard fork, the transactions will also be valid on the other.
Therefore, the receiver of the coins can switch to the other ledger, duplicate the transaction and receive the same amount of coins one more time. However, this also means that users whose wallets are created on a blockchain after a hard fork takes place will not be victims of replay attacks.
Let’s take an example: Bakery A wanted to expand its business in multiple directions, therefore split into Bakery B and Bakery C. After splitting, even though all customer, transaction and payment data is kept on both systems, the 2 bakeries operate on their own and no longer exchange information.
Alice was one of the customers who shopped at Bakery A before the split, therefore, her customer data was stored on Bakery B and Bakery C’s systems. She made a payment and sent the information to Bakery B, where an assistant confirmed and delivered her cake. She then sent the same information to Bakery C, also got it confirmed and another cake was delivered.
In this case, Alice took advantage of the two bakeries not being able to communicate with each other to get 2 cakes for only 1 payment.
Some popular examples of replay attacks in crypto are Bitcoin Cash hard fork (from Bitcoin) and Ethereum Classic hard fork (from Etherum).
Cases of Replay Attacks
Ethereum Classic hard fork
In 2016, Ethereum was hacked and the community decided to vote for a hard fork.
The new chain kept the original name Ethereum (ETH) and focused on improving efficiency and scalability with the Proof of Stake mechanism, while the old chain was named Ethereum Classic (ETC) and still had the Proof of Work mechanism. The structure of both chains are the same, therefore, a valid transaction on Ethereum was also valid on Ethereum Classic and vice versa.
At the time, most people thought Ethereum Classic would no longer be active, and did not pay attention to the possibility of replay attacks on both chains. Then miners who were keeping the ETC network running started to notice that transactions on Ethereum could be replayed on Ethereum Classic.
Exchanges did not find out at the time the Ethereum hard fork took place, that when a user withdraws ETH from the platform, they may receive the same amount of ETC. Many people took advantage of this error to repeatedly deposit and withdraw ETH on exchanges to get extra ETC. Finally, some exchanges such as Yunbi and BTC-e announced the emergence of replay attacks on their platforms, causing almost all ETC to be lost.
Bitcoin Cash hard fork
The case of Bitcoin Cash (BCH) and Bitcoin (BTC) was the same. After the hard fork took place in August, 2017, with just 1 BTC, a user would have 1 BTC and an additional 1 BCH. Moreover, the transaction history also showed some cases where replay attacks caused users who made transactions with BTC also lost their BCH.
This was due to transactions being valid on both chains. Hackers followed transactions on one chain, then duplicated them on the other chain. Therefore, making transactions on Bitcoin would cause assets on Bitcoin Cash to be lost.
Consequences of Replay attacks
In reality, replay attack is not considered a serious cyber security attack since it still has limitations and solutions could be drawn to prevent it. In crypto, replay attacks only occur during blockchain hard forks.
The attackers are unable to access all data during transmission due to how the system works, affecting the attack itself. However, once an error appears, the hackers will take advantage and cause great losses to both the system and the users.
In traditional markets, replay attacks can be used to gain access to information stored on a network by relaying valid information. This form can also be used to bypass financial management institutions to duplicate transactions, allowing hackers to steal funds from the victim's account.
How to prevent Replay attacks
At the moment, most blockchains have installed security protocols to prevent this type of attack, including 2 notable tools:
- Strong replay protection: A marker will automatically be added to the new blockchain after the hard fork, ensuring that transactions made on the new blockchain will not be valid on the original chain and vice versa.
- Opt-in replay protection: Users will mark their transactions themselves so the transactions are no longer valid on the other chain. This means that users need to manually make changes to the transactions.
In addition, users can avoid making transactions when hard forks take place. When there are no transactions, hackers have nothing to replay on the new chain, therefore helping to protect users’ assets.
Some other simple methods are:
- Using one-time passwords when making transactions. This method is commonly used by banks.
- Adding timestamps on messages to prevent attackers resending them, while eliminating requests that exceed the specified time frame.
- Using session keys, known as a one-time symmetric key used to encrypt all messages in a communication session.
FAQs about replay attack
What can hackers do with a Replay attack?
Hackers performing replay attacks may be able to obtain information on protected networks. For financial institutions, duplicated transactions may allow attackers to take money from unsuspecting accounts.
For blockchains, when a hard fork takes place and divides the original chain into 2 versions, attackers are able to penetrate the blockchain security and make valid transactions on both chains. This means that they’ll fraudulently receive twice the amount of money used to make transactions.
How can blockchains be protected against these kinds of attacks?
As blockchains and cryptocurrencies are more vulnerable to replay attacks, it is crucial that developers apply safety measures for their projects.
For example, as mentioned above, blockchains can use strong replay protection, attaching a special marker to the new chain from a hard fork. This way, transactions on the new chain will no longer be valid on the legacy chain and vice versa. Opt-in replay protection, which requires users to mark transactions manually, is also a popular method for blockchains.
Individual users and investors could also protect themselves from replay attacks by avoiding making transactions during or right after hard forks happen.
Even though replay attack is not a common type of cyber security attack in crypto, it can take advantage of system vulnerabilities without the need for complicated decryption. Therefore, it is crucial for all parties to be aware of and apply proper safety measures to avoid heavy losses.