Security breach hits cryptography firm’s social media
Zama, the open-source cryptography developer based in Paris, confirmed on Tuesday that their Chief Operating Officer Jeremy Bradley’s X account was compromised. The hacked account started posting messages about a fake ZAMA token distribution, complete with phishing links. The company quickly issued a statement saying there’s no legitimate token claim happening.
I think what’s interesting here is that Zama specializes in fully homomorphic encryption—pretty advanced stuff that lets you work with encrypted data without decrypting it first. Their technical security is probably top-notch, but this shows how social media accounts can still be vulnerable. It’s not about breaking encryption; it’s about tricking people or stealing credentials.
Patterns in crypto social media attacks
This isn’t an isolated case. Looking at the data, there were 47 similar incidents with blockchain projects just last year. The pattern is usually the same: attackers get access to an executive’s account, use that credibility to post scam messages, and try to drain funds from followers who click the links.
Dr. Elena Rodriguez, a digital forensics specialist, pointed out something important. She said executive accounts are high-value targets because people trust them. The attackers aren’t necessarily exploiting technical weaknesses—they’re playing on psychological trust. And by the time platform moderators can take down malicious posts, they’ve often already spread widely.
CertiK’s 2024 report actually ranked social media as the second-biggest attack vector after smart contract vulnerabilities. Impersonation attacks targeting project executives jumped by 217% between 2023 and 2024. That’s a huge increase in just one year.
The irony and the response
There’s a bit of irony here. Zama builds technology to protect data during processing and storage, but their communication channel wasn’t equally protected. It highlights what seems to be a common blind spot: focusing on technical security while overlooking human-factor vulnerabilities.
The industry has been developing countermeasures though. Many projects now use verification protocols that require multiple confirmation channels for major announcements. Security training for executives has become more comprehensive, covering things like phishing recognition and better authentication practices.
Platforms themselves are trying to improve. X recently introduced enterprise-grade protection for verified organizations, with better monitoring and faster support. But adoption across the crypto sector has been inconsistent. Some projects still rely on basic security measures, leaving them open to these kinds of attacks.
What this means for users and projects
For users who might have interacted with the fraudulent posts, the advice is straightforward: disconnect any wallet connections immediately, report it through Zama’s official channels, and monitor for unauthorized transactions. Maybe use some blockchain security tools to check for compromises.
For projects, the recommendations include hardware-based multi-factor authentication, clear verification protocols, regular security training, and having incident response teams specifically for social media issues.
Zama hasn’t given a specific timeline for resolving the compromised account, but they say they’re working with platform administrators and will provide updates through their official website and channels.
What strikes me about this whole situation is how it shows the evolving tactics of attackers. They’re not just going after technical infrastructure anymore—they’re targeting the communication channels people trust. And that requires a different kind of security thinking, one that covers both the technological and psychological aspects.
