11.07.2025 14:51

Critical Vulnerabilities Found in Jack Dorsey’s Decentralized Messenger Bitchat


Security researchers have uncovered serious vulnerabilities in Bitchat, the decentralized messaging application launched by Jack Dorsey, raising significant concerns about user confidentiality. Despite being marketed as a secure platform leveraging advanced encryption, the app’s design flaws could expose users to substantial risks.

One of the most alarming issues is the potential for attackers to intercept identity keys and impersonate other users. This flaw undermines the app’s intended trust mechanism, allowing malicious actors to pose as legitimate contacts and compromise private communications.

Although Bitchat employs Curve25519 and AES-GCM encryption to protect messages, the absence of an external security audit casts doubt on its effectiveness. The app’s code, openly available on GitHub, has not undergone independent review, leaving its security claims unverified.


Additional problems include a buffer overflow vulnerability, which could enable hackers to access a device’s memory, potentially exposing sensitive data. Furthermore, the app’s message history lacks adequate protection, meaning that if an encryption key is compromised, past conversations could be decrypted and accessed. These shortcomings highlight a gap between Bitchat’s ambitious privacy promises and its current implementation.
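The message-history weakness described above, as an added illustration that is not Bitchat's code or protocol: it compares a static message key with a one-way hash ratchet and counts how many stored messages an attacker can read after stealing the key material left on a device. The function names, the ratchet construction and the sample messages are assumptions made for this example, and a toy HMAC-SHA256 stream cipher stands in for AES-GCM so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

def _h(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode), a stdlib stand-in for AES-GCM.
    pad = b"".join(_h(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(key: bytes, plaintext: bytes):
    # Encrypt-then-MAC with separate subkeys derived from the message key.
    nonce = os.urandom(12)
    ct = _xor_stream(_h(key, b"enc"), nonce, plaintext)
    return nonce, ct, _h(_h(key, b"mac"), nonce + ct)

def unseal(key: bytes, record):
    nonce, ct, tag = record
    if not hmac.compare_digest(tag, _h(_h(key, b"mac"), nonce + ct)):
        return None  # wrong key or tampered record
    return _xor_stream(_h(key, b"enc"), nonce, ct)

def ratchet(chain_key: bytes):
    # One-way step: returns (message_key, next_chain_key); the caller
    # overwrites the old chain key, which cannot be recomputed from the new one.
    return _h(chain_key, b"msg"), _h(chain_key, b"chain")

def readable_after_compromise(messages, use_ratchet: bool) -> int:
    """Encrypt messages, then count how many an attacker holding the key
    material left on the device afterwards can decrypt."""
    state = os.urandom(32)  # constructed session secret
    log = []
    for m in messages:
        if use_ratchet:
            key, state = ratchet(state)
        else:
            key = state  # static key reused for every message
        log.append(seal(key, m))
    stolen = [state, ratchet(state)[0]]  # everything derivable from the stolen state
    return sum(any(unseal(k, r) is not None for k in stolen) for r in log)

if __name__ == "__main__":
    msgs = [b"meet at 9", b"bring the keys", b"delete this chat"]  # constructed
    print("static key:", readable_after_compromise(msgs, False), "of", len(msgs))
    print("ratcheted :", readable_after_compromise(msgs, True), "of", len(msgs))
```

With the static key every stored message is readable after the compromise; with the ratchet none of the earlier messages are, because each message key was discarded after use.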

The revelations have sparked debate about the app’s readiness for real-world use, especially given its appeal to privacy-conscious users and those in high-risk environments. As of July 11, 2025, these critical flaws suggest that Bitchat, while innovative, requires significant refinement to deliver the secure, decentralized communication it aims to provide.

