Security Researcher ZachXBT Warns Elon Musk of “High-Risk” Flaws in New XChat Feature

A news report on on-chain investigator ZachXBT issuing a public warning about potential security flaws in X's new XChat feature.
  • ZachXBT flags XChat’s group add and file-sharing flaws as potential scam vectors.
  • XChat’s privacy tools may aid phishing, despite no reported incidents so far.
  • Spam bots and hidden promotions could thrive in unmoderated XChat group chats.

Well-known on-chain investigator ZachXBT has publicly raised red flags over what he describes as “high-risk design flaws” in the early version of X’s new messaging system, XChat. The security researcher directly alerted X owner Elon Musk to his concerns, outlining how the feature’s current configurations could be exploited for phishing, malware distribution, and crypto scams.

XChat was launched in late May 2025 to upgrade the platform’s direct messaging with encrypted chats and file sharing. While the feature is aimed at enhancing user privacy, ZachXBT has identified several issues that could make it a hostile environment for users.

Phishing and Scam Risks in New Group Chat Feature

According to the researcher’s report, a primary concern is the ability to add users to group chats without their consent. This could allow bad actors to mass-add users to groups and bombard them with phishing campaigns or links to fraudulent crypto projects. 

The technique mirrors scam tactics that are already common on platforms like Discord and Telegram.

Unrestricted File Transfers and Group Additions Under Scrutiny

In a separate concern, ZachXBT pointed to the lack of restriction on file transfers via XChat. He warned that malicious files could be sent to users without prior interaction, introducing another vector for scams or wallet-draining attacks. Musk reportedly responded directly to the investigator’s message, though no specific fixes have been confirmed.

X has not yet reported any incidents directly tied to XChat. Still, researchers claim the current layout shares similarities with older scam methods that have circulated via social media DMs. Such scams often include links to fake token sales, deceptive OTC deals, and fraudulent smart contracts.

ZachXBT also noted that XChat could serve as a new venue for spam bots and hidden promotions. Unlike public posts, private or group chats could be used to distribute links or tokens under the radar, bypassing visible platform moderation.

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.

