W3-SIG-REPLAYCredential Access

Signature Replay

EIP-712 / personal_sign signature accepted across chains, contracts, or nonces — replay an off-chain signature to drain approved tokens.

§ Where this technique fits

W3-SIG-REPLAY is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Signature replay across chains → token drain
EIP-2612 permit() signed without chainId / domain separator binding. Capture the off-chain signature on one chain and replay it on another to drain ERC-20 approvals.
step 2 / 4

§ What commonly comes next

01
Exfiltration Over C2 Channel
T1041 · Exfiltration
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Signature replay across chains → token drain

§ What commonly comes next