Crypto Research

What Is a Replay Attack?

A replay attack copies a valid signed transaction from one blockchain and broadcasts it on another — without the original sender's consent. The mechanism exploits shared transaction formats after hard forks. EIP-155 solved it in 2016 by including the chain ID in every signature.
Lewis Jackson
CEO and Founder

The phrase shows up in fork announcements and security discussions, usually alongside "replay protection has been implemented." It sounds alarming. The actual mechanism is more specific — and understanding it explains a design decision baked into every major blockchain transaction today.

The Core Problem

A replay attack happens when a valid signed transaction from one blockchain gets copied and broadcast on a different blockchain — without the original sender authorizing that second transaction.

Crucially, this doesn't require access to your private key. The attacker doesn't need to break your cryptography. They just need your already-published, publicly visible signed transaction. That signed transaction is, in certain conditions, valid on a chain you never intended to use.

Why This Is Possible

When you sign a transaction, you're creating a cryptographic proof that you authorized specific instructions: send this amount from this address to that address, under these conditions. That signed transaction is then broadcast publicly on the network. Anyone can see it.

Here's where forks become relevant. When a blockchain undergoes a hard fork, it splits into two chains. Both chains share identical transaction history up to the fork block. And in the absence of additional protections, both chains may also accept the same transaction format and signature scheme — because they started from the same codebase.

So a transaction you signed for Chain A may be mathematically valid on Chain B. Same sender, same signature, same format. If someone takes your signed transaction from Chain A and submits it on Chain B, it may execute. The chain has no way of knowing you didn't intend to authorize a transaction there.

The most documented case: the Ethereum / Ethereum Classic split in July 2016, following The DAO hard fork. Both chains shared the same transaction history and the same signature format at the moment of the split. If you sent ETH on Ethereum after the fork, that exact signed transaction could be submitted on Ethereum Classic — and because everyone who held ETH at the fork moment automatically held an equal amount of ETC, there were real funds at risk. No key compromise, no phishing. Just broadcasting an already-public transaction to a second chain.

How the Standard Fix Works

EIP-155 is the solution that became standard, implemented in late 2016 on Ethereum.

The fix is simple: include the chain ID in the data that gets signed. Ethereum mainnet has chain ID 1. Ethereum Classic has chain ID 61. BNB Smart Chain has chain ID 56. Polygon has chain ID 137.

When you sign a transaction today, the chain ID is part of what your private key signs. A transaction signed for chain ID 1 is cryptographically invalid on chain ID 61 — the signature doesn't verify, and nodes reject it outright. There's nothing to replay, because the signature is chain-specific.

Nonces provide a complementary protection within the same chain. Ethereum transactions require incrementing nonces — each transaction from an address must have the next sequential number. Once you've used nonce 47, a different transaction with nonce 47 from your address gets rejected by the same network. This prevents replay of old transactions even on the chain they were originally intended for.

Where Risk Still Concentrates

For established chains with EIP-155 in place, the threat is effectively zero for normal users. The protection is automatic and happens without any action on your part.

The risk shows up in two narrower situations.

New fork launches without strong replay protection. When a hard fork creates a new chain, the window before replay protection is implemented — or before users understand they need to manually "split" their coins — is when attacks have historically occurred. Some smaller Bitcoin forks required users to manually protect themselves, which many didn't know was necessary. The losses were real, if rarely headline-sized.

Chain ID collisions. If two different networks choose the same chain ID — which shouldn't happen but occasionally does in the testnet and dev chain space — the protection breaks down between those specific networks. A transaction for one would be valid on the other. The Ethereum chain ID registry exists to prevent this, and it's maintained actively.

What's Changed Since 2016

EIP-155 replay protection is now a baseline expectation for any serious chain launch. Ethereum forks, EVM-compatible chains, and their variants all choose unique chain IDs and implement the standard. The Ethereum chain ID registry tracks assignments to prevent collisions.

The mechanism is stable. It solved the problem it was designed to solve, and it's been running without incident on established chains for nearly a decade. The risk that remains is concentrated at launch windows for new forks, not in ongoing use of existing chains.

Confirmation Signals

All major EVM chains and their forks use unique chain IDs with EIP-155 signatures. The chain ID registry is maintained. No significant replay attacks have occurred on properly protected chains since 2016. Each major hard fork event since then has addressed replay protection before launch.

Invalidation

The protection breaks if a chain launches without a unique chain ID, if a chain ID collision goes undetected between active networks, or if a protocol bug allows signatures to be re-used across contexts. None of these apply to established chains. The concern is specific to new fork launches in the period before protection is confirmed.

Timing

Now: On established chains, this isn't a live threat. The protection is automatic.

Next: Fork events and new chain launches are the moment to pause. Before transacting immediately after a hard fork, confirm replay protection is in place. A 24-48 hour wait for post-fork documentation is reasonable.

Later: EIP-155 and chain ID conventions are stable. No structural changes are expected.

Boundary

This explains the replay attack mechanism and why replay protection was designed into the transaction format. It doesn't address other attack vectors, nor does it assess the security of any specific wallet or protocol. If you're transacting immediately after a fork event, verifying replay protection status on that specific fork is appropriate — but that's a situational check, not a standing concern for everyday use on established chains.

Related Posts

See All
Crypto Research
New XRP-Focused Research Defining the “Velocity Threshold” for Global Settlement and Liquidity
A lot of people looking at my recent research have asked the same question: “Surely Ripple already understands all of this. So what does that mean for XRP?” That question is completely valid — and it turns out it’s the right question to ask. This research breaks down why XRP is unlikely to be the internal settlement asset of CBDC shared ledgers or unified bank platforms, and why that doesn’t mean XRP is irrelevant. Instead, it explains where XRP realistically fits in the system banks are actually building: at the seams, where different rulebooks, platforms, and networks still need to connect. Using liquidity math, system design, and real-world settlement mechanics, this piece explains: why most value settles inside venues, not through bridges why XRP’s role is narrower but more precise than most narratives suggest how velocity (refresh interval) determines whether XRP creates scarcity or just throughput and why Ripple’s strategy makes more sense once you stop assuming XRP must be “the core of everything” This isn’t a bullish or bearish take — it’s a structural one. If you want to understand XRP beyond hype and price targets, this is the question you need to grapple with.
Read Now
Crypto Research
The Jackson Liquidity Framework - Announcement
Lewis Jackson Ventures announces the release of the Jackson Liquidity Framework — the first quantitative, regulator-aligned model for liquidity sizing in AMM-based settlement systems, CBDC corridors, and tokenised financial infrastructures. Developed using advanced stochastic simulations and grounded in Basel III and PFMI principles, the framework provides a missing methodology for determining how much liquidity prefunded AMM pools actually require under real-world flow conditions.
Read Now
Crypto Research
Banks, Stablecoins, and Tokenized Assets
In Episode 011 of The Macro, crypto analyst Lewis Jackson unpacks a pivotal week in global finance — one marked by record growth in tokenized assets, expanding stablecoin adoption across emerging markets, and major institutions deepening their blockchain commitments. This research brief summarises Jackson’s key findings, from tokenized deposits to institutional RWA chains and AI-driven compliance, and explains how these developments signal a maturing, multi-rail settlement architecture spanning Ethereum, XRPL, stablecoin networks, and new interoperability layers.Taken together, this episode marks a structural shift toward programmable finance, instant settlement, and tokenized real-world assets at global scale.
Read Now

Related Posts

See All
No items found.
Lewsletter

Weekly notes on what I’m seeing

A personal letter I send straight to your inbox —reflections on crypto, wealth, time and life.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.