"Signal is a honeypot, use X Chat instead!"

The people who say this are the same people who see clickbait headlines like "hackers target Signal" and assume the encryption got cracked. It didn't, and it never has.

Here's what's actually happening 🧵👇

1/5

Recently, people were getting messages from "Signal Support", warning that 'your backups are about to be lost to a sync error'.

They then instruct targets to copy their recovery key, and paste it into the chat window to save it.

That key decrypts your entire backup, and people are willingly (unknowingly) handing it to a stranger.

2/5

That's it, that's the whole attack.

This is what almost every "encrypted app got hacked" story turns out to be, not broken encryption, but a phishing attack tricking people into opening the front door.

3/5

Signal is open source, and independently audited. No one, including Signal, can read your messages, because they're end-to-end encrypted, just like your Proton Mail emails (between Proton Mail users), or your Proton Drive files.

It's impossible for Signal to decrypt your chats; and the same goes for us with your emails and files.

4/5

Signal never messages you first, and never asks for your recovery key, PIN, or registration code. Anyone that does is an attacker trying to access your private information.

5/5

Read more about this story: techcrunch.com/2026/05/28/hac…