What is Replay Attack? What are the Ways to Protect from Hackers?

Replay attacks can be used to gain access to real stored information stored on a protected network by presenting seemingly valid credentials. In some cases, hackers assemble different pieces of encrypted messages and present the generated ciphertext to the network, performing what is known as a copy-paste attack. The network's response to this type of attack often provides the attacker with valuable information that can help them steal more information from the system.

Despite the obvious dangers of replay attacks, it is clear what attackers can do using only these types of attacks. Attackers cannot change the information sent because the network will reject it, which will limit the attack's effectiveness in repeating old activities. In addition, it is relatively easy to be protected from such attacks. Even as simple as adding a date or time stamp to a data transmission provides protection against re-attack attempts. In addition, servers can cache repeated messages and block them after a certain number of repetitions, limiting the number of possible attack attempts by repeating messages in quick succession.

Why are Replay Attacks Important for Cryptocurrencies?

These attacks are particularly relevant to cryptocurrency transactions and blockchain ledgers. This is because blockchain ledgers sometimes go through protocol changes or version updates, also known as hard forks. When a hard fork is performed, the existing registry is split into two. While one of these notebooks continues with the old version of the software, the other starts to work with the new updated version. Some hard forks are done just to upgrade the registry, while in others completely new cryptocurrencies are created by creating new branches. One of the best-known examples of this second type of hard fork is the Ethereum Classic update that derives from the original Ethereum registry. When these hard forks occur, it is theoretically possible for attackers to perform counter-replay attacks on ledgers on the blockchain or other network. The transaction performed by a person with a valid wallet before the hard fork in one registry is also valid in the other registry. As a result, a person who buys a certain amount of cryptocurrency from another person in a registry can switch to the other registry and repeat the process and fraudulently transfer the same amount of currency to his own account for the second time. Users who join the blockchain after the hard fork are not affected by these attacks as their wallets are not included in the shared history of the registry.

How to Protect From These Attacks?

While it is a concern that forked blockchain ledgers are vulnerable to replay attacks, most hard forks include security protocols specifically designed to prevent such attacks from succeeding. Active measures against blockchain replay attacks are divided into two; powerful repeat protection and selective repeat protection. In strong replay protections, a special flag is added to the new registry created by the hard fork, preventing an action made there from being valid in the original registry. This protection also covers the opposite situations. This type of protection was preferred when Ethereum Classic was forked from Ethereum.

When strong replay protection is used, it starts working automatically when the hard fork occurs. However, selective replay protection requires users to manually modify their transactions to avoid duplication. Selective protection is thought to be useful in cases where the hard fork is done for the purpose of updating the original registry, rather than creating an entirely new coin.

Apart from these solutions, individuals can take measures to protect themselves so that they do not become victims of repeated attacks. An alternative way of doing this is to lock the cryptocurrencies in a way that they cannot be transferred until the registry reaches a certain number of blocks, so that these cryptocurrencies are not used without being verified by the network, preventing a replay attack. However, it should be noted that not all wallets and ledgers offer this functionality.