EncroChat: how police read “uncrackable” messages by going after the devices, not the crypto
In 2020, French and Dutch investigators compromised the EncroChat network at the device/server level, harvesting millions of messages in real time and triggering more than 6,500 arrests across Europe.
01What actually happened
EncroChat was a subscription “secure phone” network popular with organized crime. In 2020, French law enforcement, working with the Netherlands and Europol, planted an implant that captured messages from the devices and servers themselves — before or after encryption, at the endpoint — rather than breaking the encryption in transit. The infiltration yielded millions of messages and, by Europol's later accounting, more than 6,500 arrests and roughly $979 million seized across Europe.
02Why it matters
If the endpoint or server is compromised, end-to-end encryption is bypassed entirely — attackers read plaintext where it lives, not on the wire. No app can fully solve endpoint compromise, but Cipher reduces what a server breach can ever reveal by keeping data on-device with zero server-side access and minimal stored metadata.
Sources
- TechCrunch · Jul 2020Police roll up crime networks in Europe after infiltrating popular encrypted chat app
- BleepingComputer · 2023EncroChat takedown led to 6,500 arrests and $979 million seized
We describe only what these sources report. If you think we've framed something inaccurately, tell us — accuracy is the whole point.
Cipher is built for exactly this gap: zero-access encryption, no phone number, on-device AI, and minimal metadata — so the failure in this story can't happen the same way.
See how the architecture works