Tox (protocol)

The idea of developing a secure peer-to-peer messenger, which would later turn into Tox, originated on the anonymous imageboard 4chan[3] amid allegations that Skype had provided the NSA with access to its infrastructure and encryption, just before it was bought by Microsoft.

[17] This caused the project to split, with those interested in continuing the development creating a new fork of Tox core[18] called "c-toxcore" around the end of September 2016.

[19][21] Initially, the Rust implementation of the protocol library was split into two halves: one handling most of the grunt work of communication with the network, and another responsible specifically for bootstrap node operation.

In December 2022 the two halves were merged, with the developers stating that the code was now mature enough to support basic communication and bootstrap node operations using TCP connections.

[21] Although the original core library implementation and its forks have been available to the general public for almost a decade, none of them has been reviewed by a competent third-party security researcher.

In 2017, WireGuard's author Jason A. Donenfeld opened an issue on the project's GitHub page[22] where he stated that c-toxcore is vulnerable to key compromise impersonation (KCI) attacks.

Donenfeld attributed his finding to the fact that Tox relies on "homebrew crypto" developed by "non-experts" to facilitate handshakes.

[26] Tox received some significant publicity in its early conceptual stage, catching the attention of global online tech news sites.