The private keys for both new coins are the same, which means any transaction that happens on one chain can be “replayed” on another chain, since the nodes do not “know” which chain a transaction is aimed for (the private key is same for both). As a result, a user may make a transaction on one chain sending some coin to a merchant only to find that the same amount of coin was deducted from another chain – the transaction was “replayed”.
The replay attacks are possible because:
- both blockchains share same history and their transactions are similar (nature of the fork)
- both coins share their private keys
- the fork happens at the block level, and blocks contain all transactions
- use wallets that have built-in replay attack protection (e.g. Trezor reports having one)