Security breach hits crypto company management
Zama, the Paris-based open source crypto developer, confirmed on Tuesday that hackers gained unauthorized access to the verified X account of operations manager Jeremy Bradley. The compromised account began posting messages inviting its followers to claim non-existent ZAMA tokens via a phishing link.
I think this is particularly concerning because Zama specializes in fully homomorphic encryption technology. Their work aims to enable calculations on encrypted data without the need to decrypt it first. You would expect a company with this type of expertise to have strong security practices. But here we are with their COO’s social media account compromised.
The social media attack model
This is not an isolated incident. In fact, blockchain projects experienced 47 similar executive account compromises last year. The attacks follow a predictable pattern: gain access through phishing or credential theft, impersonate executives to lend credibility, then deploy fraudulent links to drain victims’ cryptocurrency.
What is perhaps interesting is that these attacks exploit psychological trust rather than technical vulnerabilities. People see a verified account of a business executive and assume it is legitimate. Attackers know this and use it to their advantage.
Dr. Elena Rodriguez, a specialist in digital forensics, highlighted a point worth considering. “Executive social media accounts represent high-value targets,” she noted. “Attackers exploit psychological trust factors rather than technical vulnerabilities. » She also discussed the challenge of rapid response: Malicious posts often go viral before the platform’s moderators can intervene.
Industry response and protective measures
The crypto community has developed countermeasures. Many projects now implement verification protocols for major announcements, requiring multiple confirmation channels. Security training for executives has become more comprehensive, covering phishing recognition and secure authentication practices.
Industry organizations such as the Blockchain Security Alliance released updated recommendations in March 2025. Their guidelines emphasize several protections, although their adoption remains inconsistent across the cryptocurrency sector. Many projects still rely on basic security measures, making them vulnerable to sophisticated attacks.
Platform providers have attempted to improve their security offerings. X recently introduced enterprise-grade protection for verified organizations, including advanced monitoring and expedited support. But it seems that not everyone uses these features.
Wider implications for the sector
This violation has significant implications beyond Zama. This undermines trust in official communication channels – followers may now question future announcements from company executives. It also exposes the continued vulnerability of social media accounts, which often serve as primary communication tools for crypto projects.
There is a certain irony here. Zama’s technology protects data during processing and storage, but their communication channels did not have equivalent protection. This highlights a common security blind spot: many organizations prioritize technical security over human factors vulnerabilities.
CertiK’s 2024 report identified social media as the second largest attack vector in the industry, with only smart contract vulnerabilities causing more financial losses. The report specifically warns of impersonation attacks targeting project executives, noting that such attacks increased by 217% between 2023 and 2024.
What this incident shows, I think, is that overall security strategies must encompass both technological and psychological dimensions. Even the most advanced cryptographic protection cannot compensate for compromised communication channels. The human element remains a critical vulnerability that requires further attention across the sector.
