A Look at Bitcoin Replay Attacks and Self-Managed UTXO Protection

Over the past few weeks, bitcoin proponents have been quarreling online about the lack of replay attack protection for the pending Segwit2x fork scheduled for this November. As time draws closer, a lot of bitcoiners are planning on sitting tight to ride out the storm. However, there are also individuals searching for replay-protected exchanges, wallet providers, and alternative techniques to protect themselves.

Also read: Bitcoin Accessibility From a Blind Person’s Perspective

Everyone Keeps Talking About This Thing Called Replay Protection

A Look at Bitcoin Replay Attacks and Self-Managed UTXO Protection The decentralized cryptocurrency bitcoin and many other altcoins utilize a data storage concept called Unspent Transaction Outputs (UTXO). Someone who owns bitcoin in a non-custodial wallet has a list of “unspent” satoshis which primarily contains the user’s balance data. The sum of the bitcoin owner’s UTXOs is the individuals or organizations entire balance.

When a fork takes place on the network, there can be network confusion or replays when people are sending bitcoin transactions which could lead to financial losses. Because the split happens on the same chain, all transactions, addresses, and balances will be a direct reflection of the chain before the fork. This means UTXOs can be confirmed by miners on both chains and can theoretically be manipulated by malicious actors, or other types of transaction mistakes can happen. For example, if bitcoin is sent to an address on the Segwit2x chain it’s possible the UTXO can be replayed on both.

Essentially this means because both chains are an exact reflection, the two tokens will have identical private keys. Either someone can mistakenly send a transaction that is valid on both chains and send funds to the other network by accident. Or in another scenario, an attacker can reuse the transaction data after a person sent funds and try to spend it on the other chain as well. These are the two most common issues or theories people think of when running into a replay attack discussion. During the Ethereum hard fork which produced the Ethereum Classic token there were problems with replay attacks.

People Can Send Non-Replayable Transactions, But the Methods Are Not For the Light Hearted

Coinbase Transaction

There are some ways users and miners can send transactions and still keep a level of replay protection. The methods require specialized software and a reasonable level of technical knowledge. For instance, miners or people who know a mining pool can utilize sending bitcoins by a ‘Coinbase transaction’ which cannot be replayed after the fork. This is one method where an individual or group can send non-replayable transactions, but there’s a catch. Bitcoins in a Coinbase transaction cannot be spent until they’ve received 100 confirmations. But they will be only valid on the chain they were originally generated from, which assures there will be no replay for those UTXOs.

nLocktime

Another method which requires a bit of technical knowledge and software that can accomplish the process is called, ‘nLocktime.’ This procedure means when the two chains bifurcate, a transaction can be set for a specific time or block height. A user can use a full node client to set the nLocktime to a block height, but there are not that many wallets that offer this feature. By utilizing the nLocktime method, a user can essentially create a transaction that will confirm on the longest chain.

Two Transactions — Two Fee Settings

Bitcoin developer, David Harding, explains another process of using two different fees for transactions on both the high fee chain and the low fee chain. The statement from Harding is a response to a question from the CEO of Coinbase, Brian Armstrong, asking about replay prevention on the Bitcoin Stack Exchange Q&A website.

“It is possible miners on one side of the fork may be mining transactions with lower fees than on the other side, so you can broadcast a low-fee version of your transaction on the low-fee chain, wait for it to confirm, and then broadcast a higher-fee version on the high-fee chain,” explains Harding.

You may still have to wait a few blocks for fees to diverge by much, and since each miner has their own policy, you may need to try multiple times — Also, many wallets don’t let you choose arbitrary fees (they just give you a reasonable fee or let you choose from reasonable range of fees).

Protecting Digital Assets Requires Patience

A Look at Bitcoin Replay Attacks and Self-Managed UTXO Protection Other methods of protection include simply waiting for a splitting tool created by an exchange or a wallet provider. Further, some wallets and exchanges will have also have built-in replay attack defense so using these services will allow you to transact without a replay outcome. For instance, Coinbase, and the wallet provider BTC.com, have already stated they will have their own replay protection. There will likely be many more businesses following suit.

Last but not least, probably the best method of all is waiting out the bitcoin fork until it’s 100 percent complete, and everyone is assured things are settled. If you don’t really need to transact with bitcoin, it’s probably better to wait until the fork is done, and do some research after the fork on the current state of each network before transacting. So to sum things up — Play it safe, be patient and investigate the results of the fork before proceeding to send, receive or really do anything on the bitcoin network.

What methods do you know of that will protect you from replay attacks? Are their bitcoin service providers that you know of that are providing their own replay protection? Let us know your thoughts in the comments below.

** This article has been updated as of October 26, 2017, at 11:00 am EDT.

Disclaimer: Walkthrough editorials and the tips above are intended for informational purposes only. There are multiple security risks and methods that are ultimately made by the decisions of the user. There are various steps mentioned in reviews and guides and some of them are optional. Neither Bitcoin.com nor the author is responsible for any losses, mistakes, skipped steps or security measures not taken, as the ultimate decision-making process to do any of these things is solely the reader’s responsibility. For good measure always cross-reference guides with other walkthroughs found online.

Images via Shutterstock, and Pixabay.

News.Bitcoin.com opinions and editorials are vital reading. Experience more of them here. Further, at Bitcoin.com there’s a bunch of free helpful services. For instance, have you seen our Tools page?

Share this story:

Jamie Redman

Jamie Redman is a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open source code, and decentralized applications. Redman has written thousands of articles for news.Bitcoin.com about the disruptive protocols emerging today.

comments powered by Disqus.

In Case You Missed It

FATF Holds Global Forum to Discuss Crypto Supervision

The Financial Action Task Force (FATF) and over 50 delegations involved in crypto supervision recently gathered to discuss how to regulate crypto assets and related service providers. While examining three key areas, they stressed the importance of international cooperation, citing ... read more.

Monopoly Is a Tiny Darknet Market With Big Aspirations

There’s a certain irony in the smallest market on the darknet being named Monopoly. With less than 150 listings, the monero-friendly Monopoly Market is anything but. What this tiny darknet market (DNM) lacks in size, however, it makes up for ... read more.

Bitcoin Cash Gets Significant Privacy Boost With Cashfusion Alpha Launch

On January 17, the BCH developer known as Acidsploit announced the launch of the highly anticipated Cashfusion alpha. Interested parties can reach out to the Cashfusion developers via the team's Telegram group to become an alpha tester. The news of ... read more.

How Is Bitcoin Cash Different From Bitcoin Core?

The crypto space can be hard to break into for those unfamiliar with the jargon, lingo, and foundational knowledge taken for granted by the already initiated. Adding to this difficulty is the fact that there are several different cryptos which ... read more.

Developer Proposes Decentralized Bitcoin Hashrate Derivatives

There’s a new concept called Powswap that lets people speculate on hashrate in order to hedge against price volatility. Powswap was developed by the software engineer Jeremy Rubin who believes hashrate derivatives products allow people to leverage new trading strategies. ... read more.

Maduro Opens International Crypto Casino

Venezuela’s President Nicolas Maduro has authorized the opening of an international casino at a luxury hotel in Caracas where bets must be placed in petros, the country’s national oil-backed digital currency. Several cryptocurrencies and fiat currencies can be exchanged into ... read more.

Lawsuit Against Ripple May Decide the Fate of XRP but Regulators Have the Final Say

A prolonged legal battle, which may hold the key to XRP’s future, has been extended again. The class action lawsuit alleges that Ripple issued and sold the coin, one of the largest by market cap, as an unregistered security. The ... read more.

Cypherpunk Bitstream Hosts Talk Crypto-Anarchy, Dropgangs, and Importance of Real Life Connections

The Cypherpunk Bitstream podcast is a relatively new program that's just released its fourth episode. The hosts, known as Frank Braun and The Real Smuggler, are so-called 'privacy extremists' and dyed-in-the-wool crypto-anarchists concerned with exposing cypherpunk ethos to a wider ... read more.

Bitcoin.com Partners With Mecon Cash, Enabling Withdrawal at ATMs Across South Korea

Bitcoin Cash has been added to Mecon Cash’s M.Pay platform which is integrated with over 13,000 ATMs in South Korea. By making bitcoin cash usable for withdrawing won across the country, Mecon Cash is ensuring that BCH users in Korea ... read more.

An In-Depth Look at the Multi-Currency Cold Storage Card Ballet

Last September, Bobby Lee, the former CEO of China’s first cryptocurrency exchange BTCC revealed his new business venture Ballet, a non-electronic crypto wallet solution that offers multi-currency support. During the North American Bitcoin Conference Miami, all the attendees got a ... read more.

Peter Schiff Forgets Bitcoin Wallet Password, Blames Bitcoin

Peter Schiff hates Bitcoin almost as much as bitcoiners hate Schiff. The gold bug makes a point of dissing the cryptocurrency whenever he can, despite the hypocrisy of accepting BTC on his own website. Today, the eccentric entrepreneur found a ... read more.

Uzbekistan Prepares Crypto Tax Exemptions, Launches Licensed Exchange

A new presidential decree in Uzbekistan envisages the introduction of tax exemptions for income obtained from operations involving crypto assets. The draft document published recently also incorporates proposals for the establishment of a blockchain valley and licensing regime for cryptocurrency ... read more.

Bitcoin Cash Sees Mining Pool Shift and Hashrate Surpass 4 Exahash

While people have watched the BTC network surpass 100 exahash per second (EH/s), Bitcoin Cash (BCH) has been steadily gathering hashrate as well. Since the November 15, 2018 blockchain split, which produced the Bitcoin SV (BSV) chain, BCH hashrate has ... read more.

Why User Experience Is Crypto’s True ‘Killer App’

There's been a lot of buzz in the space recently about the importance of user experience. Kim Dotcom's proclamation that "Mass utility is going to lead to mass adoption," speaks to this. Peter Schiff's bitcoin wallet fiasco, CZ's claim that ... read more.

Polkadot Will Finally Launch This Year – But Is the Multi-Chain Network too Late to Catch Ethereum?

Remember Polkadot? It’s the multi-chain network that raised $145 million in 2017 and hasn’t been seen since. But unlike many of the blockchain projects from that era, Polkadot hasn’t taken the money and run. Its team, led by Ethereum founder ... read more.

Bitcoin Cash Miners Plan $6M Development Fund by Leveraging Block Rewards

A group of Bitcoin Cash mining pool operations have decided to help fund BCH infrastructure development. On January 22, Btc.top founder Jiang Zhuoer revealed that five mining pools are preparing a short-term developers donation plan. Miners from Btc.top, Bitcoin.com, Viabtc, ... read more.

Demand for Crypto Derivatives Swells as CME's Bitcoin Volume Rises

The global markets company Chicago Mercantile Exchange (CME) has seen considerable demand since launching its options contracts in the wake of the firm’s bitcoin futures. On the first day of swaps, CME’s bitcoin options saw 55 contracts ($2.3 million). By ... read more.

6 Bankers Accused of Earning €30M in Bonuses From German Fraud, Tax Lawyer Out on €4M Bail

Former bank employees have received bonuses worth millions of euros in an illegal trading scheme that also involved a tax lawyer, prosecutors in Frankfurt revealed this week. The case is part of multiple investigations carried out across Germany, the hardest ... read more.

Vodafone Becomes 8th Company to Exit Libra Association

After a spate of big names parting ways with the Libra Association late last year such as Paypal, Visa, Mastercard, and Ebay, British telecommunications giant Vodafone has become the latest to bid the ambitious digital asset project farewell. While Vodafone's ... read more.