diff --git a/src/node/net/p2p.ml b/src/node/net/p2p.ml
index c479fe683..e6e97f961 100644
--- a/src/node/net/p2p.ml
+++ b/src/node/net/p2p.ml
@@ -384,8 +384,11 @@ let connect_to_peer config limits my_gid my_public_key my_nonce my_secret_key so | Message msg -> push (Recv (peer, msg)) ; receiver () | Box msg_encr -> - let msg = Crypto_box.box_open my_secret_key public_key msg_encr (peer.current_nonce ()) in - push (Recv (peer, [B msg])) ; receiver () + Crypto_box.box_open my_secret_key public_key msg_encr (peer.current_nonce ()) + |> function + | None -> debug "(%a) cannot decrypt message (from peer) %a @ %a:%d" + pp_gid my_gid pp_gid gid Ipaddr.pp_hum addr port ; receiver () + | Some msg -> push (Recv (peer, [B msg])) ; receiver () in (* The polling loop *) let rec pulse_monitor ping =
diff --git a/src/utils/crypto_box.ml b/src/utils/crypto_box.ml
index cdef24b97..8931436c9 100644
--- a/src/utils/crypto_box.ml
+++ b/src/utils/crypto_box.ml
@@ -18,7 +18,9 @@ let random_keypair = Sodium.Box.random_keypair
 let random_nonce = Sodium.Box.random_nonce
 let increment_nonce = Sodium.Box.increment_nonce
 let box = Sodium.Box.Bigbytes.box
-let box_open = Sodium.Box.Bigbytes.box_open
+let box_open sk pk msg nonce =
+ try Some (Sodium.Box.Bigbytes.box_open sk pk msg nonce) with
+ | Sodium.Verification_failure -> None
 let to_secret_key = Sodium.Box.Bigbytes.to_secret_key
 let of_secret_key = Sodium.Box.Bigbytes.of_secret_key
 let to_public_key = Sodium.Box.Bigbytes.to_public_key
diff --git a/src/utils/crypto_box.mli b/src/utils/crypto_box.mli
index d870b0bb2..c1d1b9e47 100644
--- a/src/utils/crypto_box.mli
+++ b/src/utils/crypto_box.mli
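Review bot: In src/node/net/p2p.ml, the new `None` arm of the `Box msg_encr` case treats a failed authenticated decryption as routine: it writes one `debug` line and calls `receiver ()` again, so a peer can keep sending boxes that fail verification with no failure count, no log above debug level and no teardown. `peer.current_nonce ()` is also evaluated before the result is known; if that call advances the nonce (its definition is outside the hunk), a single rejected box leaves the two sides out of step and every later box from this peer fails the same way. I would treat `None` as a protocol violation: log it at a level operators actually collect, and replace the trailing `; receiver ()` in that arm with the function's existing disconnect path, or at least bound the number of consecutive failures before giving up on the peer. The enclosing `connect_to_peer` starts and ends outside the hunk, so the teardown call itself is not visible here.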
@@ -17,7 +17,7 @@ val random_keypair : unit -> secret_key * public_key
 val random_nonce : unit -> nonce
 val increment_nonce : ?step:int -> nonce -> nonce
 val box : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t
-val box_open : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t
+val box_open : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t option
 val to_secret_key : MBytes.t -> secret_key
 val of_secret_key : secret_key -> MBytes.t
 val to_public_key : MBytes.t -> public_key
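Review bot: The changed declaration `val box_open : ... -> MBytes.t option` in crypto_box.mli carries no doc comment, so what `None` means is left for each caller to guess. I would add `(** [box_open sk pk msg nonce] is [Some plaintext] when [msg] authenticates under [sk], [pk] and [nonce], and [None] when verification fails; no plaintext is returned in that case. *)` above it. It is also worth stating there that `None` does not distinguish a wrong key, a wrong nonce and a modified ciphertext, since that determines how a caller should react to it.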