Stand with Ukraine and Donate here

Replay Attack


This is a special kind of cyber attack in which an attacker intercepts data or a transaction in order to resend it over the network. Since the information is initially reliable - everything is in order with a hash, public keys, and digital signatures, network security protocols consider this transmission as new, so they don't block it. The particular effectiveness of the method is that hackers do not need to spend time and resources to decrypt data.

Possibilities of Replay Attack

The simplest and most obvious use is the repeatable cryptocurrency transactions. It is enough for the victim to make a transfer to the attacker's wallet once and that will give him a possibility to repeat this transaction until all the money at the victim's wallet will be spent.

The more complicated option is transferring the received block of information directly to the network in order to find out how exactly will it respond to reliable, but inappropriate data. This could give extremely useful information about the features of various protocols and network algorithms to experienced hackers.

However, it was all the benefits. The main point is that attackers can't change the received data block - otherwise the network will reject it because of the hash mismatch. Even if it became possible, decryption will take a lot of time and effort.

Therefore, it is not very difficult to protect yourself from replay attacks - just insert a timestamp in the message - and each replay message won't be skipped since such marks are read automatically. Also, many networks support caching of duplicate messages, followed by deleting everything above a given limit. That means that you will lose part of your funds but not all of them.

When Replay Attacks are most effective

Replay attacks are frequent. But in some situations, they could be more effective, because they are happening in moments of increased vulnerability of the entire system.

This is so-called hard forks - updates of network protocols, which result is separation for the 2 chains - the main chain, completed by all the nodes that updated the protocol, and old chain. This happens both in the case of regular update and during the creation of a new cryptocurrency.

For example, something similar happened on August 1, 2017, when the new Bitcoin Cash cryptocurrency was separated from the Bitcoin blockchain.

Here is how attackers work. They find a wallet that was valid before the separation of the registers (chains), make a transfer from it for a certain amount, then switch to another register and organizing a second transaction in it. Since the wallet is valid and uses reliable data, the transfer passes.

As a result, the attacker receives funds in double amount, and without any risks. The main thing then is to withdraw “extra funds” as soon as possible, before the alternative register became discarded and declared invalid. In case if this transaction will enter the normal blockchain, it couldn't be canceled thanks to the principle of permanence.

Protection methods

This situation is typical, that's why most blockchains are using special methods of protection against such ""non-traditional"" use of hard forks. These methods fall into two categories - strong protection and optional protection against replay attacks (Opt-in).

Strong protection implies the automatic addition of a new token register to all messages. That's why the received hash won't be accepted at all by the register which wasn't updated. This method is commonly used during the creation of new cryptocurrencies - users would be happy to double their capital, but the system does not approve this. This protection works automatically with any updates of the protocol.

The optional protection point is about making manual corrections that protect against repeatable use. An example is the “time stamp” which was already mentioned. It is extremely useful when hard forks are happening in the process of simple protocol updates of systems that don't use strong protection.

There are other ways of protection. For example, in some networks, you can block the transfer of funds in advance until the register will be extended by several additional blocks. This makes any repeatable messages impossible. But you'll have to wait for a little bit before reusing the wallet. Too bad that not all the cryptocurrencies allow it's using.


Despite its simplicity, a replay attack is a real threat to information security. Since attackers don't need to decrypt intercepted messages, they can act faster and more efficiently. But the basic methods of protection, like individual security precautions, can guarantee effective prevention of such cyber attacks.