How to avoid a Replay attack on your Ethereum NFT

Amid the euphoria around the upcoming Ethereum merge, there has been debate and speculation about the possible fundamental and technical implications of the merge with the Beacon Chain. One of the most discussed outcomes of the event is the Replay attack. This story explains what a Replay attack is and how you can secure your NFTs.

What is a Replay attack?

A Replay attack is commonly referred to as a man-in-the-middle attack. It happens when a hacker or malicious actor secretly connects to a secure network, then intercepts and tweaks data so that the data or transaction is delayed or repeated to the detriment of the originator. Replay attacks can also happen on blockchains, especially during chain splits or hard forks.

After the merge, there will be two functioning chains (copies) of the Ethereum blockchain: Ethereum PoS (new chain) and Ethereum PoW (old chain). Due to this chain split, assets on the current Ethereum network, including non-fungible tokens, will be duplicated to the PoS chain. This means the NFTs you currently hold will be duplicated, which opens up the chance of a Replay attack.

“If you send 100 ETHPoW on the POW chain from your wallet to a friend, then your friend could broadcast the same transaction in the POS chain and send himself 100 original ETH to his same wallet,” a DeFi expert narrated.

Precautions against a possible Ethereum Replay attack

The possibility of getting Replay attacked is much higher if you leave or trade the assets – duplicated NFTs or tokens – in a single wallet. You need to create and use different wallets for each chain.

– Create two wallets (B) and (C). Transfer all your assets from the main wallet (A) to wallet B just before the merge.
– After the merge, you can transfer all assets from wallet “B” to the main wallet (A) for the PoS chain.
– Then, transfer all PoW assets from wallet “B” to “C,” the latter becomes your primary wallet for trading on the PoW chain.

The idea is to avoid holding and using the assets of both chains in one wallet. Another option for preventing Replay attacks is to mess up the transaction nonces, so that the same wallet's nonces differ between the two chains, though this is more technical.
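
The wallet procedure and the nonce remark above, as an added example in Python (not from the original article): a toy ledger in which a transaction is accepted on any chain where the sender's nonce and balance match. The `Chain` and `Tx` classes, the wallet names and the amounts are assumptions made for illustration, and signatures are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:  # constructed model of a signed transfer that is not bound to one chain
    sender: str
    nonce: int
    to: str
    value: int

class Chain:
    def __init__(self, balances, nonces=None):
        self.balances = dict(balances)
        self.nonces = dict(nonces or {})

    def fork(self):
        # A chain split copies all state: balances and nonces start out identical.
        return Chain(self.balances, self.nonces)

    def apply(self, tx):
        # Accept only if the nonce is the sender's next one and the funds exist.
        if tx.nonce != self.nonces.get(tx.sender, 0):
            return False
        if self.balances.get(tx.sender, 0) < tx.value:
            return False
        self.balances[tx.sender] = self.balances.get(tx.sender, 0) - tx.value
        self.balances[tx.to] = self.balances.get(tx.to, 0) + tx.value
        self.nonces[tx.sender] = tx.nonce + 1
        return True

def unprotected():
    # Same wallet used on both chains: the PoW payment is also valid on PoS.
    pos = Chain({"A": 100})
    pow_ = pos.fork()
    pay = Tx("A", 0, "friend", 100)
    return pow_.apply(pay), pos.apply(pay)  # (original, replay)

def with_wallet_split():
    pre = Chain({"A": 100})
    pre.apply(Tx("A", 0, "B", 100))            # A -> B just before the merge
    pos, pow_ = pre.fork(), pre.fork()
    to_a, to_c = Tx("B", 0, "A", 100), Tx("B", 0, "C", 100)
    pos.apply(to_a)                            # PoS: B -> A
    pow_.apply(to_c)                           # PoW: B -> C
    replays = (pow_.apply(to_a), pos.apply(to_c))  # both rejected: stale nonce
    pay = Tx("A", 1, "friend", 100)            # later payment from A on PoS
    return replays, pos.apply(pay), pow_.apply(pay)  # PoW copy: A holds nothing

if __name__ == "__main__":
    print(unprotected())        # (True, True)
    print(with_wallet_split())  # ((False, False), True, False)
```

In this model the protection holds only once both post-merge transfers have been accepted on their respective chains; until then wallet B has the same nonce and balance on both.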