Bitcoin Fork Coming: How To Prepare For Replay Attacks (What are replay attacks?)

Bitcoin Fork

Are you holding bitcoins?

Then you must know that you can lose your BTC in the upcoming Bitcoin hard fork (HF) due to replay attacks.

What is a Hard Fork (HF) and What are Replay Attacks?

I think many newbies and non-tech savvy users of Bitcoin might be anxious about so many of these jargonous words. But in this post, I am going to touch upon what this is all about so that you can be well-informed and prepared.

Note: I will typically be using the word “split” instead of “fork” as it is easier to understand.

So let’s see what is going on here…

There has a been an unstoppable debate between these two groups:

  1. Bitcoin Core (BTC)
  2. Bitcoin Unlimited (BTU)

They can’t agree on how to increase the efficiency of transactions on the Bitcoin blockchain.

Bitcoin Core Group (BTC) wants to keep the original code of Bitcoin intact and introduce a “soft fork” with integrated SegWit. It’s ok if you don’t understand what this SegWit soft fork is all about. Just recognize it as a way of increasing efficiency of Bitcoin transactions. (See our guide on Litecoin to understand SegWit.)

On the other hand…

Bitcoin Unlimited Group (BTU) wants to change the original code of Bitcoin by increasing the Bitcoin block size from 1 MB to 2 MB. This is another way of increasing the efficiency of Bitcoin transactions by literally increasing the block limit. And as the original code would need to be changed for this, this is called a “hard fork” (or split).

And now, both groups are not ready to compromise on each others’ recommended solutions.

Hence, the result will likely be a split between the two Bitcoin groups. They would basically split the blockchain in two and apply the solutions which they themselves find suitable.

This would result into two Bitcoin blockchains and two varieties of Bitcoin.

For the sake of this article, let’s assume that there will be two Bitcoin blockchains:

  1. Bitcoin Unlimited blockchain – Bitcoin on this chain may be called BTU
  2. Bitcoin Core blockchain– Bitcoin on this chain may be called BTC

So which blockchain will your bitcoins be on?

The answer is quite interesting:

  • You will get your coins on both blockchains.

After the split, you will have both BTC and BTU balances; in other words, your coin holdings will double.

Wowowow double!!

You may think this is a good thing as your value will also double.

Note: Doubling of coins does not mean doubling of value. The value of both BTC and BTU will be determined after the split based on demand and supply in the market.

Here’s the important part: Both of your coins (BTC and BTU) will have the same private keys.

This split will open up a possibility for another problem called a Replay Attack.

What is a Replay Attack?

Let’s consider an example to make it more non-technical to understand:

Suppose you are making an online payment to an e-commerce website via your credit card. You typed in your credit card and authorized the payment.

While doing this, you were unaware that you were using an infected system which records your credit card’s details and authorization PIN.

The unethical hacker now has your card details and can spend your money wherever he/she wants. The attacker can “replay” (or reuse) the details as many times as he/she wants until you finally notice this is happening.

You might say that this doesn’t happen often.

You might also say that you have extra authentication in place for this type of event.

Yes, I agree, but this is just an example for explaining replay attacks.

What is a Bitcoin Replay Attack?

Bitcoin Replay Attack

The same event which we discussed above can happen to your Bitcoin after the split or hard fork.

How?

Because, as I told you earlier, both your BTC and BTU bitcoins will have the same private keys.

This gives an opportunity to an attacker to reuse the transaction details done on one blockchain on the other blockchain.

The transaction will be valid on both chains, and both BTC or BTU nodes would accept it.

Let’s say you have now BTC on the original Bitcoin blockchain.

Now the chain splits and you have the same amount of BTC on the Bitcoin Core blockchain and BTU on the Bitcoin Unlimited blockchain.

You go to do a transaction of 5 BTC to buy something on the Bitcoin Core blockchain. You sign the transaction and send it to the merchant’s BTC address (and now the merchant also has both a BTC and BTU address).

Then you go and check your BTU wallet and find that 5 BTU has also been deducted from your BTU wallet to the merchant’s BTU address.

That’s because someone (maybe even the merchant!) re-payed/re-broadcasted the transaction that you sent on the BTC blockchain to nodes on the BTU blockchain.

BTU nodes have no way to identify which chain the transaction was meant for. The signed transaction in this scenario becomes valid on both the BTU and BTC blockchain.

And this scenario is also true for vice-versa transactions.

So when both the BTC and BTU have different blockchains, how will the other blockchain accept the transaction as valid?

Good question.

Why are transactions valid on both chains?

Transactions, when replayed, will be valid on both blockchains because, even though the blockchains are different, they are also similar in their individual transactions and historical ledgers.

The split (hard fork) solution to increase Bitcoin transactions is happening at the block level, not at each transaction level. The block contains all transactions.

So a transaction which moves any type of coin (BTC/BTU) from address A to address B on one blockchain will also move the coins on another blockchain if replayed.

Hence, the transactions will be valid on both chains.

Possible Solutions

  1. Change the transaction ID – Some of us might be thinking, “Big deal, just change some parameters in the tx ids and it will be fine”. But this will make all present Bitcoin wallets obsolete and would require a total redesign to make them all compatible again. This a solution, but definitely not an ideal one.
  2. Don’t Transact – Hardware wallets such as the Ledger Nano S advised its users in case of a fork not to issue transactions before the dust settles. They also said unofficially that if someone wants to do so, they should do it at their own risk. For more details, refer to the Ledger support section. However, they have successfully implemented replay attack protection in the past for ETH and ETC after the hype slowed down.
  3. Replay Protection Replay problems can be solved if BTU people employ a solid two-way replay protection mechanism. If a non-replay mechanism is properly integrated, spending your  BTC  will not spend your BTU, and both coins/chains will have a completely different existence.
  4. Use Trezor  Hardware wallets such as Trezor claim that they have a process in place for a hard fork and replay attacks. So doing your transactions from Trezor might save you from replay attacks. Refer to this guide for more info.

Possible Bitcoin Hard Fork And Replay Attacks

However, all of this is just a possibility. But it might turn into a reality very soon. So precaution is always better than cure.

It will be very interesting to see what happens in the next few weeks.

I hope this insight on Bitcoin’s future will help you in making better decisions.

Now I want to hear from you: What would you do in the case of a fork or replay attack? Are you still confused about “replay attacks”? Let me know your thoughts and questions in the comments section below.

And if you liked this post, don’t forget to share it!

Adios!

Also read:

22 thoughts on “Bitcoin Fork Coming: How To Prepare For Replay Attacks (What are replay attacks?)”

  1. Bitcoin Enthusiast

    Hi Sudhir,

    Nice article; found it very informative.

    Quick query. I am using Jaxx.io wallet and have stored my bitcoins there. If I want to unlock my bitcoin cash (BCC) coins and send it to a different wallet, what are the things to keep in mind to ensure that my BTC coins are safe and intact. Appreciate your response.

    Cheers on the good work you are doing!

    Best wishes,
    Bitcoin Enthusiast

    1. Sudhir Khatwani

      Hey

      This the official Twitter comment of Jaxx on Bitcoin Cash (BCC).
      https://twitter.com/jaxx_io/status/889880787985760257

      And here is what they said on Reddit….

      “What Bitcoin Cash will be if it gets created is a complete copy of the Bitcoin blockchain with another name. This means that your addresses and private keys from BTC will also be valid on this copy blockchain. It’s a completely separate coin. What happens is that since your public keys (the address) and the public keys are the same you will get your key pairs from Jaxx: MENU > Tools > Display Private Keys > (I UNDERSTAND) > Display Bitcoin Keys and import them into another wallet that supports the Bitcoin Cash token.”

      So in the light of these comments, you can simply take a back up of your Bitcoin Private keys from Jaxx and import it to another wallet which supports BCC.I too have listed the BCC supporting wallets in this article of Bitcoin Cash (BCC): Everything You need to know about Bitcoin Fork. I believe that’s all you need to do….

      Still, once the fork happens wallets such as Jaxx, Exodus, Ledger or Trezor would surely guide its users on how to unlock the Bitcoin Cash (aka BCC).

      And I too would be sharing it once the fork is done and the initial dust settles. So stay tuned on CoinSutra.

      Hope this helps:)

      1. hi Sudhir .great work on this site and this post
        whats your feedback for the upcoming forks of BTc like platinum and others
        our indian players like Zeb and Uno dont really support these forks .
        so would you suggest moving our BTC to other wallets. i know moving to supporting exchanges like bittrex aint a good idea
        tks
        K

        1. There will be many forks in the future 5 of them in the near future which I am tracking.
          So I don’t think hosted wallets like Zeb or Uno will support that many forks so the best alternative is to keep your BTC with yourself in a Hardware wallet or software wallet where you have your seed keys.

          If you are a risky player and wants to claim your forked coins very early then put it on an exchange that is supporting that particular fork. However, this is highly not recommended.

  2. Create another holding address for use on the alt-coin (whichever you consider the alt). Every time you make a transaction on the “main” chain (again, whichever you consider main), create a corresponding transaction on the alt chain, sending the coins to yourself. If you wish, do this “alt” transaction just ahead of the main transaction. You need only wait a few seconds – there is no possibility of someone outbidding your transaction on the other chain, since the fee IS part of the signed transaction.

    Yes, it’s a small hassle, but it does prevent replays.

  3. Further note: To be iron-clad, it would be advisable to use an intermediate address, posting the exact amount of the transaction (plus fees) in both chains first, then subsequently using that as the source for the main transaction and alt-chain transaction. Generally speaking, this shouldn’t be necessary, but I believe that this step makes this solution foolproof. Thoughts?

  4. You are absolutely right! One of the best things to do is not to do any transactions till the time dust settles. Simply, keep your bitcoin as it is and then sell it near December or January 2018 when Bitcoin’s price is expected to touch $8000. Cheers!

  5. Hi, good article and helped clear up a few things for me so thank you.

    I’d like to know though, when WILL “the dust settle” and what is it about the settling of this ‘dust’ that prevents replay attacks? i.e. why are we most vulnerable immediately after the hard fork and why does the risk diminish after some time?

    Thanks again,

    PJ

    1. @PJ
      There are several risks associated with forked coins some of which are:-
      Lack of strong two-way replay protection.
      The scarcity of hash power and community support.
      Scarcity of community adoption
      Less infrastructure to support.
      Low liquidity resulting from all the above problems.

      These problems either go away with market adoption with time or else the coin dies.

      Hope this helps:)

  6. If I understand it correctly the replayed tranaction sends the same amount of coins to the same receiver address on the other blockchain. In what way can a hacker benefit from this, except that he is the receiver itself? Or is it possible to change the receiver address in the replayed tranaction?

    regards, Vincent

  7. Does someone with less than 1 full coin stand to lose all of its relative value at the time of the Oct. 25 fork?
    Say, if the value of BTCC drops enough, or BTCU fails at inception following the fork?
    Is it worth holding on with a fraction of a coin in hopes that our portfolio variety grows with the addition of “duplicated” coin in BTCU form?
    Should this type of minimal holding be concentrated into one of the 2 “new” BTC types that we believe is the more promising?
    Or does it make sense for a fractional coin holder to trade their piece of a BTC for a different currency such as Ether and hold value there until the fork stabilizes, and BTC investing is safer again?

    Thank you,
    The little guy.

    1. That’s a good approach but it doesn’t help when you are paying to any third party address which you don’t control.
      Imagine a scenario when you are paying for a coffee to a merchant.

  8. I have a question, the replay attack would work only for the same adress, on the other chain ? let’s say I send 1 BTC from my wallet to Joe’s adress, if someone or even Joe, “replay” this transaction on the other chain, he will also receive 1 BTU on his same adress ? my question is the amount (1 BTC/ BTU) and adress (Joe’s) will be the same on the replayed chain ?

  9. I think you make one mistake. After the split, if I use a BTU wallet (not any old wallet) to transfer all my BTU to a new address, it will only be valid in the BTU ledger; the BTU will be properly transferred. But BTC network will consider the transaction as invalid; so my BTC will always remain with the old private key. No way I will lose my old BTC.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Signup to our Newsletter

Join the community of subscribers & get exclusive Crypto tips & tricks

logo@2x
Howdy, Welcome to the popular cryptocurrency blog CoinSutra. Here at CoinSutra, we write about Bitcoin, wallet management, online security, making money from Bitcoin & various aspects of cryptocurrencies. You can read more about CoinSutra on the “About” page.
Scroll to Top