Security breach hits cryptography firm’s leadership
Zama, the open-source cryptography developer based in Paris, confirmed on Tuesday that hackers gained unauthorized access to Chief Operating Officer Jeremy Bradley’s verified X account. The compromised account began posting messages urging followers to claim non-existent ZAMA tokens through a phishing link.
I think this is particularly concerning because Zama specializes in fully homomorphic encryption technology. Their work focuses on enabling computations on encrypted data without needing to decrypt it first. You’d expect a company with that kind of expertise to have solid security practices. But here we are, with their COO’s social media account compromised.
The pattern of social media attacks
This isn’t an isolated incident. Actually, blockchain projects experienced 47 similar executive account compromises just last year. The attacks follow a predictable pattern: gain access through phishing or credential theft, impersonate executives to lend credibility, then deploy fraudulent links to drain cryptocurrency from victims.
What’s interesting, perhaps, is that these attacks exploit psychological trust rather than technical vulnerabilities. People see a verified account from a company executive and assume it’s legitimate. Attackers know this and use it to their advantage.
Dr. Elena Rodriguez, a digital forensics specialist, pointed out something worth considering. “Executive social media accounts represent high-value targets,” she noted. “Attackers exploit psychological trust factors rather than technical vulnerabilities.” She also mentioned the challenge of rapid response – malicious posts often go viral before platform moderators can intervene.
Industry response and protective measures
The cryptography community has been developing countermeasures. Many projects now implement verification protocols for major announcements, requiring multiple confirmation channels. Security training for executives has become more comprehensive, covering phishing recognition and secure authentication practices.
Industry organizations like the Blockchain Security Alliance published updated recommendations in March 2025. Their guidelines emphasize several protections, though adoption remains inconsistent across the cryptocurrency sector. Many projects still rely on basic security measures, leaving them vulnerable to sophisticated attacks.
Platform providers have tried to enhance their security offerings. X recently introduced enterprise-grade protection for verified organizations, including advanced monitoring and expedited support. But it seems not everyone is using these features.
Broader implications for the sector
This breach carries significant implications beyond just Zama. It undermines trust in official communication channels – followers might now question future announcements from company executives. It also exposes the persistent vulnerability of social media accounts, which often serve as primary communication tools for crypto projects.
There’s a certain irony here. Zama’s technology protects data during processing and storage, but their communication channels lacked equivalent protection. This highlights a common security blind spot – many organizations prioritize technical security over human-factor vulnerabilities.
CertiK’s 2024 report identified social media as the second-largest attack vector in the industry, with only smart contract vulnerabilities causing more financial losses. The report specifically warned about impersonation attacks targeting project executives, noting these attacks increased by 217% between 2023 and 2024.
What this incident shows, I think, is that comprehensive security strategies need to encompass both technological and psychological dimensions. Even the most advanced cryptographic protection can’t compensate for compromised communication channels. The human element remains a critical vulnerability that needs more attention across the industry.
