Elon Musk wants hackers to take their best shot. “And we welcome any attempts to break 𝕏 encryption,” he posted yesterday, wading into a debate that had been brewing on the platform for two days.
It started when Musk claimed sending files through X Chat was “much more secure than email.”
Security researcher Sooraj Sathyanarayanan, who goes by @iAnonymous3000, pushed back hard. In a thread that garnered over 1.3 million views, he explained why he believes X Chat falls short of being a truly secure messaging platform.
His main gripe? Private keys get backed up to X’s servers instead of staying put on your device. That means X technically could access your messages if they wanted to, or if someone forced them to. He also flagged that X’s own documentation admits a single compromised key would expose your entire message history. Signal, by contrast, generates new keys constantly, so a breach only exposes one message at a time.
X’s Chat account pushed back. They explained that private keys get stored in Hardware Security Modules set up during a published key ceremony. Users need to enter the right PIN to recover keys, and after 20 wrong guesses, the keys destroy themselves. Nobody at X can brute force their way in, they claimed.
Then user @tetsuoai jumped in, sharing a diagram of X’s encryption architecture and calling it “bullet-proof.” Sathyanarayanan saw it differently. He pointed out that the diagram actually backed up his argument since it clearly showed private keys leaving the device and heading to X’s servers. “The encryption is fine. The architecture stores keys on X servers. That’s the point,” he wrote.
Unsurprisingly, Musk didn’t hold back on the competition. He called Signal “controlled by the woke mob” and reminded everyone that it went dark during an Amazon Web Services outage. “Do not trust Signal,” he wrote.
Sathyanarayanan acknowledged the AWS point was fair but said X Chat still needs three things before it can compete on security: device-only key storage with no server backups, forward secrecy through something like Signal’s Double Ratchet protocol, and the open source release X apparently promised back in June 2025 but never delivered.
X says self-custody and forward secrecy are coming. Musk’s open challenge to break the encryption might speed up the timeline, or prove him right. Either way, security researchers are probably already getting to work after seeing that post.


