Security concerns
The newly released XChat, a messaging feature of X, has several critical security issues, according to on-chain investigator ZachXBT. Available so far to a limited number of users, XChat is meant to replace the current DM system and introduce enhanced chat features, such as file sharing and encryption. Still, as ZachXBT says, the current version does not provide enough security to prevent phishing and malicious content delivery.
Group access and file sharing raise security alarms
ZachXBT pointed out that users can now add other users to group chats, which may encourage phishing attacks. The feature is still in testing and does not yet prevent infiltration by unknown users who send harmful links. This lack of access control can put users at risk of scams targeting digital wallets or smart contracts.
File transfer within chats is another significant danger he highlighted. ZachXBT added that this feature would enable rogue actors to distribute malicious content disguised as legitimate files. These weaknesses resemble tactics previously used in large-scale DM-based scams on social media.
Encryption and disappearing messages may aid attackers
Although XChat includes privacy features such as end-to-end encryption and disappearing messages, these features can unintentionally shield malicious activity. On the one hand, they give users more confidentiality; on the other, they may make it harder to trace fraudulent transactions or phishing campaigns.
These are the concerns of ZachXBT, who says that phishing attacks have increased drastically in 2025. CertiK claims that more than $47 million was stolen through phishing in May alone. April was far higher, at $337 million, indicating increased danger across the digital asset space. Although the new XChat functionality promises a better overall messaging experience, it will inevitably also be of value to scammers.
X expands crypto features while security lags
XChat was launched in June for premium users after an initial deployment to select accounts on May 30. It provides encrypted group messages, file transfer, disappearing messages, and audio or video calls without requiring phone number confirmation. Nevertheless, there are fears that these features could be used to promote scams or fraudulent token sales.
X has been widening its integration with crypto services, recently announcing a partnership with Polymarket on predictive event markets. X has not allowed native transfers of digital assets, even though the volume of crypto activity on the platform is increasing. Crypto transactions on X are currently limited to a restricted set handled through third-party tools. As the platform has already been hit by account theft and token shilling, the openness of XChat might call for dedicated security rules to keep people from abusing it.