
It was a shortcut to protect weaker clients

"nonce was there to protect clients with weak random number generators."




Exactly. Adding a nonce like that was exactly what I did in a CS100 level course when I was over complicating a blackjack exercise that was intended to teach us about stack data structures. I'm really grateful to my prof who took the time to point out the issues with my RNG code instead of being annoyed that I'd turned in ~3x the average LOC.

This is such a basic cryptographic fail that one has to assume either the Telegram team is incompetent or they were introducing a backdoor. Given that the excuse is so weak, one tends to assume the latter. I get that rolling one's own crypto is hard, but this is such an easily caught fundamental error that those are the options, and neither is good.


That's the justification they cooked up. But that doesn't mean that was the motivation.