The evolution of digital and online services has been accompanied by the development of new cyberattack methods. Cryptocurrencies are an attractive target for cybercriminals because they are semi-legal and sometimes have security flaws that most users are not fully aware of. Therefore, all cryptocurrency users should be prepared to defend against cyberattacks and protect their digital funds.

This article focuses on a frequent attack type known as a replay attack. It explains what a replay attack is, the specifics of replay attacks in the cryptocurrency world, how to prevent this attack, and more.

What Is a Replay Attack?

A replay attack is a method used by cybercriminals to impersonate a legitimate network user and carry out fraudulent activity. In this type of attack, a malicious actor intercepts a message (which may be encrypted) and re-transmits it to a receiver to bypass authentication checks or perform other malicious activities on the network on behalf of the valid user. To the system, the malicious actor appears indistinguishable from authentic users because they replay valid messages sent by those users.

Image source: Coincu

Transaction duplication, impersonation of legitimate network actors, and other fraudulent actions are common goals of replay attacks. What makes replay attacks particularly dangerous is that they do not require much skill from intruders. They don’t have to decrypt anything; they simply need to secretly capture a legitimate message and re-transmit it. 

Replay Attack Examples

Replay attacks are widespread and occur in many different spheres, including financial apps and keyless car systems. It’s safe to say that they take place wherever authorization messages or user authentication are used – essentially, wherever a user authorizes actions via a message that can be captured and re-submitted by malicious actors.

Below are examples illustrating how replay attacks work in several different situations:

Online finance services. Online finance services: A replay attack can occur when a user initiates a transaction to send funds. The transaction requires authorization via a signature or digital token. The message containing the signature or encrypted digital token is captured by a malicious actor, who then re-transmits the transaction multiple times, hoping to transfer (steal) as much of the valid user’s funds as possible. Because the transactions are signed with seemingly authentic signatures or digital tokens, the platform’s security system allows them to pass through.

Keyless car entry. Keyless car entry systems typically rely on specific radio frequencies transmitted very close to the car, enabling communication between the owner and the vehicle. These signals can be captured by a replay attacker, who can then use the same frequency to unlock and use the car. If the vehicle is not properly protected, it will unlock because the criminal is using the frequency that serves as the authentication mechanism.

User authentication. Business data accessible only to authorized network participants can be stolen through a replay attack. When a legitimate network participant authorizes access to sensitive data, the attacker captures the authorization message to access the files on behalf of the valid participant. Even if the authentication token is encrypted, the attacker does not need to decrypt it because the legitimate participant has already transmitted the proper authorization message. If the system lacks adequate protection, it registers the message as valid and grants the attacker access.

Replay Attack and the Crypto World

Because many cryptocurrency platforms (exchanges, wallets, DeFi services, marketplaces, and others) use authorization and allow users to send transactions, they are susceptible to replay attacks.

Blockchains are quite vulnerable to replay attacks, which can occur during hard forks of cryptocurrencies. A fork creates a new cryptocurrency and a new chain that shares the same transaction history as the parent chain. Attackers can capture a transaction occurring on the parent chain and re-transmit it to the new one. In some cases, the new blockchain will recognize the transaction as legitimate and duplicate it. Such attacks occurred during the Ethereum Classic and Bitcoin Cash hard forks.

Image source: Cyfrin

Moreover, replay attacks are possible during blockchain-based voting. An attacker can re-transmit the transaction containing the vote multiple times, creating additional votes that can be considered legitimate if the network is not using measures to protect against replay attacks.

Replay Attack Prevention

To prevent harm from replay attacks developers offer the following methods:

Nonces and sequence numbers: On most blockchains, nonce and sequence numbers are unique for each transaction. Typically, these numbers increase with every new transaction, making it impossible to replay a transaction that has already been transmitted. Blockchains using nonces are better protected from replay attacks.

Timestamps: Transactions with added timestamps that limit the period of validity create another layer of replay attack prevention.

Identifiers: To prevent a transaction from being replayed, a unique identifier or random values can be added to it. This identifier or random data will signal to the blockchain that the transaction is valid.

Smart contracts: Smart contracts can be used to protect transactions by adding terms that make them valid only if the transaction meets specific conditions or occurs within a specific timeframe.

Tokenization: Some blockchains require a unique one-time token for each transaction. This means that a replay would require a new token.

Off-chain solutions: A prominent example of an off-chain solution is the Lightning Network, which aims to address Bitcoin’s scaling problem. It allows Bitcoin owners to send transactions off-chain, effectively shielding them from replay attacks. By moving transactions away from the main blockchain, the Lightning Network creates a separate layer where transactions are conducted directly between participants, making it extremely difficult for attackers to intercept and replay them.

Multi-Signature (multisig) transactions: When a transaction requires multiple signatures for authorization, it significantly enhances its security and legitimacy. Forging multiple signatures presents a much greater challenge for an attacker than compromising a single signature. This added layer of security makes multisig transactions a powerful deterrent against replay attacks, as the attacker would need to compromise multiple parties to successfully execute a replay.

Freewallet Secure Web3 Wallet

In February 2024, we launched a new multicurrency secure Web3 wallet app, a self-custody wallet developed by Freewallet. This wallet prioritizes user security by storing private keys directly on your device, eliminating the risk of data being stolen or misused on our end. We employ robust encryption protocols to protect the communication between you and Freewallet, making it significantly harder for malicious actors to carry out replay attacks.  

The wallet incorporates several security features, including biometric signup, a PIN or passcode, and spending limits, providing multiple layers of protection against unauthorized access.  For wallet recovery, users rely on a seed phrase, ensuring that only the rightful owner can regain access to their funds.

Beyond its robust security, the Freewallet Web3 wallet offers support for over 1,000 cryptocurrencies based on 15 blockchains, providing users with extensive flexibility and options. To further expand opportunities, users can even add custom blockchains. 

The wallet allows seamless token swaps and exchanges without needing to leave the app, simplifying the trading experience. Users can also purchase cryptocurrencies directly with a card using local partner operators. Designed to be Web3-ready, the wallet enables access to DeFi platforms via WalletConnect, unlocking a world of decentralized finance possibilities. Users can stay informed about the latest market changes and conveniently monitor their portfolio directly within the app.

The Freewallet Web3 wallet stands as a comprehensive all-in-one platform, harmonizing user-friendliness with robust functionality, making it an ideal choice for both seasoned crypto traders and newcomers alike.


Cryptocurrency platforms are consistently targeted by replay attacks, posing a constant threat to user funds and the integrity of blockchain networks. The methods and impacts of these attacks on blockchain-based platforms and projects largely depend on the specific type of replay attack and the platform being targeted.

The fundamental goal of replay attacks is to exploit a valid user’s authorization message to conduct malicious activity on the platform. Typically, this involves stealing funds by executing a series of duplicated transactions authorized by a captured valid message.

Fortunately, the blockchain ecosystem has developed various strategies to counter replay attacks. Using a non-custodial wallet like the Freewallet Web3 wallet is one effective way to minimize the risks associated with these attacks. By combining secure key management with robust encryption and advanced features like multi-signature transactions and off-chain solutions, the blockchain community continues to bolster defenses against replay attacks and enhance the security of cryptocurrency transactions.



5 / 5. 1