Why Crypto Companies Must Secure Their Social Media (2025–2026)

Nave Ben Dror

CEO & Co-founder at Spikerz

Published -

September 18, 2025

Why Crypto Companies Must Secure Their Social Media (2025–2026)

In the crypto industry, social media channels are critical assets for companies and projects. Platforms like Twitter (X), Instagram (IG), Facebook (FB), and Telegram serve as primary hubs for community updates, marketing, and investor communications.

However, the past two years have seen a surge in hacks and malicious activities targeting these channels – with serious consequences.

Crypto firms in 2025–2026 face an urgent need to protect their social media accounts from hijacking and harmful content. Below, we dive into why this is so crucial, backed by statistics, real-world examples of breaches, and the far-reaching implications for projects’ finances and reputations.

A Surge in Social Media Hacks Targeting Crypto

High-profile account hijackings have multiplied, as hackers realize that taking over an official Twitter or IG account gives instant access to a huge, trusting audience. In late 2024 and 2025 especially, there’s been a troubling rise in these incidents^[1].

Attackers typically use the compromised accounts to post scam links, often promoting fake tokens or “giveaways”, and unsuspecting followers are tricked into financial loss.

Celebrity and Influencer Hacks

In February 2025, BBC broadcaster Nick Robinson’s X (Twitter) account was hacked to shill a bogus Solana-based token called $TODAY, falsely implying he launched it^[2]. Around the same time, superstar footballer Kylian Mbappé’s account was taken over to promote a fraudulent memecoin $MBAPPE, which even briefly hit a $460 million market cap before the scam unraveled^[3].

Kylian Mbappe's crypto scam post on his hacked X (Twitter) account. Source

Fraudulent memecoin $MBAPPE briefly hitting a $460 million market cap before the scam unraveled. Source

Similarly, rapper Drake’s X account was hijacked in Dec 2024 to tout a fake coin ($ANITA), garnering over $5 million in trading volume before being shut down^[4]. Even Ethereum’s founder Vitalik Buterin fell victim. On Sept 2023, his Twitter was compromised and used to post a malicious NFT link, resulting in about $700,000 being drained from followers’ wallets^[5].

Official Crypto Projects & Companies

Hackers are not just targeting individuals. Company and project accounts have been hit as well. For example, crypto exchange KuCoin’s Twitter account was breached in April 2023 and used to post a fake giveaway; within 45 minutes, followers who clicked lost over $22,000 to the scam^[6]^[7]. (KuCoin later reimbursed victims and bolstered security.)

The compromised official X (Twitter) account of crypto exchange KuCoin. Source

Another case: on March 4, 2025, the official X accounts of the NBA and NASCAR – both with millions of followers – were simultaneously hacked to promote phony “$NBA Coin” and “$Nascar Coin” launches^[8]. The perpetrators posted fake press releases claiming these organizations were issuing crypto on Solana, even sharing a contract address.

Though the NBA’s team scrambled to delete the tweets, hackers reposted them multiple times before control was regained^[9]. All 50 million combined followers of those accounts were at risk of exposure to the scam^[10]. This incident showed how even mainstream brands aren’t safe, and how quickly false info can spread to huge audiences.

The NBA's compromised X (Twitter) account announcing the launch of a fake $NBA coin. Source

NFT and Web3 Gaming Projects

NFT collections and Web3 game communities have been prime targets due to their active social followings. A notorious example is the Bored Ape Yacht Club (BAYC) hack of April 2022.

The project’s official Instagram was compromised and used to advertise a fake “land airdrop” mint. Within hours, users who clicked the link and connected wallets had 91 NFTs stolen (including Bored Apes and Mutant Apes) worth roughly $2.7–3 million^[11]^[12]. (The image below shows the scam post crafted by hackers using BAYC’s branding.)

Bored Ape Yacht Club's fake airdrop post on their compromised Instagram account. Source

Another case: in January 2023, the popular NFT project Azuki’s Twitter account was taken over and tweeted out a phishing link, stealing about $758,000 in just 30 minutes before it was shut down^[13].

Web3 gaming platforms face similar risks. Even the official X account of mainstream game Stellar Blade was compromised in 2025 to push a crypto scam, proving no account is out of reach. Each of these breaches caused immediate monetary losses for the community and dealt a blow to user trust.

Stellar Blade's official X (Twitter) account compromised to push a crypto scam. Source

The frequency of such social media hacks has climbed, even as on-chain hacking of exchanges/bridges saw a temporary dip in 2023^[14]^[15]. Chainalysis noted that while total stolen crypto fell in 2023 vs 2022, the number of individual hacking incidents actually rose (231 incidents in 2023, up from 219 in 2022)^[14].

Many of those incidents involve social engineering and account takeovers rather than just technical exploits.

By 2025, hijacking Twitter or Telegram accounts to push crypto scams has become a go-to strategy for attackers^[16]. Security researchers observe that hackers increasingly target the human and social layer, where a single compromised account can broadcast scams to hundreds of thousands of followers in an instant.

Financial Losses and Real-World Damage

When a crypto project’s social media gets hacked, the financial fallout can be severe. Unlike typical data breaches, these attacks directly trick users into handing over money or valuable digital assets. Some key impacts:

Investor & User Losses

Perhaps the most immediate effect is money stolen from the project’s community. Followers often trust announcements or promotions coming from official channels, so they are easy prey if a hacker tweets “limited-time airdrop” or posts a malicious link in Telegram.

In the incidents above, users lost anywhere from tens of thousands to millions of dollars within minutes.

For instance, investors lost $691,000 via Vitalik’s hacked account in one phishing scheme^[5]. In the Azuki hack, $758K was drained by malicious links^[17]. And when BAYC’s Instagram was breached, one collector lamented losing “over 100 ETH” (~$300,000) worth of prized NFTs in the scam^[18]^[19].

$691,000 of assets drained from victims due to Vitalik's crypto scam post on X (Twitter). Source

These direct losses erode confidence and create angry victims who may even pursue legal action (as some BAYC holders considered suing the project for insufficient security^[18]).

Reputation and Trust Erosion

Beyond immediate thefts, a hack delivers a major reputational blow to the affected project or company. Seeing an official page spewing scam links shakes users’ trust in the brand’s competence and security.

As the Token Metrics team observed, these social media scams “damage confidence in both social media platforms and the crypto industry as a whole.”^[20] A project that suffers such an incident might be viewed as careless, leading investors or partners to think twice. It can take a long time to rebuild credibility.

In fast-moving crypto markets, some projects never recover their former engagement or price momentum after a public breach. The negative press also travels fast: mainstream media often highlights crypto hacks, contributing to the bad reputation crypto already battles with the public.

Market Volatility and Panic

False information from a compromised account can whip up market volatility in a heartbeat.

A striking example occurred in January 2024 when the U.S. SEC’s own Twitter was “compromised” and erroneously posted that a Bitcoin ETF was approved. Bitcoin’s price spiked by over $1,000 within minutes before the news was debunked^[21]^[22].

X (Twitter) confirms that the official SEC account was hacked. Source

In crypto, where markets react heavily to social media, a single fake tweet can trigger wild swings or conversely, a hacker tweet announcing a project’s “failure” could tank a token’s price.

Crypto founders have to realize that uncontrolled messages on their official channels could spark investor panic or misinformed trading. Even rumors or negative comments (if not quickly addressed) can snowball into full-blown FUD, harming a project’s token value and community sentiment.

Project Setbacks and Closures

In extreme cases, a social media breach can derail a project’s progress or even contribute to its demise. For smaller projects or new NFT drops, a hack during a crucial sale or announcement can scare away users and drain momentum.

If users lose funds through the official channel, the team may face liability or simply lose their community’s support. We’ve seen projects where, after a Discord/Telegram hack and resulting scam, the community largely abandoned the project due to fear or frustration.

While it’s hard to pin a closure solely on social hacks, there’s no doubt that poor security can be “make or break” – especially for early-stage crypto startups. At minimum, teams must divert resources to damage control, compensating victims (as KuCoin did^[23]^[16]) and improving security instead of building products.

Regulatory and Legal Implications

Authorities have grown less tolerant of lax security in crypto, especially when retail consumers suffer. The SEC hack incident led U.S. senators to demand accountability and improved controls^[24].

More broadly, regulators may impose stricter guidelines for crypto firms’ cybersecurity, seeing the pattern of social media scams. In a regulated context, a compromised account could be considered a failure to protect investors.

Project founders and marketing executives should recognize that protecting users is not just good practice but may become a compliance expectation. Failing to do so could invite regulatory penalties or lawsuits (e.g. for negligence if a breach was preventable).

Platform-by-Platform Risks (Twitter, Instagram/Facebook, Telegram)

Every social platform comes with its own security challenges for crypto projects. It’s important to understand how attacks or “bad comments” manifest on each:

Twitter (X)

“Crypto Twitter” is arguably the most influential channel for the industry. Unfortunately, it’s ground zero for many scams. Hackers favor Twitter for its real-time reach. A compromised verified account can instantly tweet to hundreds of thousands of followers.

We saw this with exchange accounts like CoinDCX (hacked to push fake XRP promos) and Robinhood (hacked in Jan 2023 to tout a scam token called $RBH)^[25]^[26]. In Robinhood’s case, the attackers even managed to post on the firm’s Instagram and Facebook simultaneously^[27], suggesting they breached a shared social management tool.

Robinhood confirms their social account have been breached to promote a crypto scam. Source

Twitter is also rife with impostor accounts and reply scams – e.g. bots that reply to users with fake support helplines, or profiles impersonating CEOs to advertise “giveaways.” Elon Musk’s own tweets have historically attracted armies of scam replies, and despite efforts, this remains an issue.

Negative or false comments can go viral on Twitter, too. A cynical post or rumor about a DeFi project can be retweeted until it causes a mini bank-run on that protocol’s funds. Crypto teams need to actively monitor their Twitter presence, quickly delete scam posts if hacked, and counter misinformation before it spreads.

Instagram and Facebook

These Meta-owned platforms have large user bases and have been common launchpads for crypto fraud. In fact, an FTC study found that in 2022 about 32% of crypto scams originated on Instagram and 26% on Facebook, making them the top two platforms for such scams^[28].

Part of the reason is the visual, ad-driven nature of these networks: scammers create professional-looking posts or ads that promise big crypto rewards. We saw how BAYC’s Instagram hack led to a very authentic-looking “official announcement” of a fake airdrop. The post even included the BAYC logo and a slick graphic, fooling many.

Facebook has also been used to spread crypto misinformation and fake news that can hurt a project’s image. For example, fake Facebook pages of crypto startups sometimes lure users into phishing sites. Given that many NFT and crypto gaming projects promote on IG/FB to reach mainstream audiences, not securing these accounts is a recipe for disaster.

Yuga Labs spokesperson statement regarding the breach of BAYC's official Instagram account. Source

The BAYC case proves even enabling 2FA wasn’t enough^[12]. Teams might consider extra measures (dedicated devices, restricted admin access, etc.) for these platforms.

Telegram is the de facto community chat app for crypto. Almost every project runs an official Telegram group or channel for investors. But Telegram is notoriously scammy if left unmoderated.

Impersonation and social engineering run rampant. Often, as soon as a newcomer asks a question in a group, a “support” account DM’s them – an imposter trying to steal their wallet keys or get them to send funds.

Telegram groups can also be hacked via admin account takeovers. If an admin’s Telegram account is compromised (or a malicious bot gains privileges), hackers can drop phishing links to the entire community or pin fake announcements. One recent scam involved hackers creating a fake “airdrop bot” in a token’s Telegram. Users were told to complete KYC by sending crypto to verify, which went straight to the attackers^[30]^[31].

Example of a KYC crypto scam with a Telegram bot. Source

Another scheme saw attackers pose as Telegram staff offering “Premium gift” subscriptions; when users clicked the link, their accounts were hijacked^[32]. The result can be chaos: we’ve seen Telegram scam networks responsible for tens of millions in theft across Asia^[33].

In 2025, Kaspersky reported an uptick in Telegram-specific fraud tactics like malicious bots that, once engaged, bombard users with phishing messages or even attempt to hijack the user’s account^[34]^[35].

For crypto project teams, a Telegram breach is especially damaging because it hits your core community – the loyal users in your chat. It can sow fear and confusion among your biggest supporters. Therefore, strict admin security, vigilant moderators, and community education about DM scams are a must on Telegram.

The Magnitude of the Threat in Numbers

To truly appreciate the magnitude of social media-related threats in crypto, consider some statistics and reports from recent years:

Rising Crypto Scam Losses

Globally, $2.17 billion worth of cryptocurrency was stolen in just the first half of 2025, nearly doubling the entire amount stolen in 2024 (which was $2.2B)^[36]^[37].

Total value of crypto stolen globally due to hacks in 2024 and H1 2025. Source

While not all of that is due to social media, a significant portion of scams start on these platforms. In the U.S. alone, over 150,000 people reported crypto theft/fraud in 2025 by August^[38]^[37] – a huge jump from previous years. This shows crypto scams are hitting record levels heading into 2026.

Social Media as a Prime Vector

According to the U.S. FTC, from January 2021 to March 2022 about 49% of fraud reports involving crypto mentioned the scam began on social media^[39].

The breakdown is striking: Instagram (32%) and Facebook (26%) led the pack, followed by WhatsApp (9%) and Telegram (7%)^[28]. (Twitter wasn’t explicitly tracked in that stat, but experts note Twitter is certainly infested with scam bots and crypto fraud, even if FTC data didn’t capture it^[40].)

In 2021 alone, about 95,000 people reported $770 million in losses to fraud initiated on social platforms^[40], demonstrating how these channels have become the favorite hunting ground for crypto scammers.

Notable Scam Campaigns

It’s not just isolated incidents; often these hacks are part of coordinated campaigns.

For example, an analysis by security researcher Molly White noted that throughout 2024, there was a “slew of Twitter account compromises” all pushing the same fake $OPENAI token scam, including multiple OpenAI-related accounts (the CTO, researchers, etc.) that got hacked over months^[41]^[42].

Molly White highlighting multiple Twitter accounts pushing the same fake $OPENAI token. Source

This indicates some hacker groups systematically target influential accounts one after another. Another analysis of NFT Discord hacks found that many were linked, suggesting a network of hackers recycling the same techniques across projects^[43]. In other words, if one project’s social media is weak, it may not be alone. The same attackers might hit several projects in a spree.

Elderly and New Investors at Risk

The human cost is also seen in demographics. Scammers on social media often prey on those less experienced with tech. The FBI reported 16,000 seniors (age 60+) in the U.S. fell victim to crypto scams in 2023^[44]^[37], many through social engineering.

Newcomers enticed by “get rich quick” posts on Facebook or fraudulent YouTube/Telegram promos are frequently duped.

This is important for crypto companies to note: your new potential customers might encounter a fake version of your project on social media before they even find the real one! If someone impersonates your brand and scams users, it can turn away large segments of would-be users and create awful word-of-mouth.

Protecting Your Project’s Social Channels: Key Takeaways

In light of these trends, project founders and marketing executives must treat social media protection as a top priority in 2025–2026. Here are the key reasons and takeaways from our deep dive:

A Single Breach Can Cost Millions: Social accounts are gateways to your entire community. If hijacked, they can directly lead to stolen funds (as high as $3M in one incident) and irreparable financial harm to your users^[11]^[12]. The ROI for hackers is huge, so expect them to keep targeting you – and invest accordingly in defense.‍
Trust Is Your Most Valuable Asset: Crypto is built on community trust. A hack or unchecked flood of scam comments can shatter credibility overnight^[20]. Users might not give you a second chance. Thus, safeguarding social platforms is as critical as securing your code or treasury – it’s part of protecting your brand’s integrity.‍
Threats Span All Major Platforms: Whether it’s a phishing tweet on X, a fake ad on IG/FB, or impostors on Telegram, every channel has vulnerabilities. Don’t assume any platform is “safer”. Implement strong security (e.g. unique strong passwords, mandatory 2FA, hardware keys for Twitter if possible, etc.) on every account that represents your project. Limit admin access and use official verification (blue checks) to help users distinguish real accounts from fakes.‍
Active Moderation and Community Education Are Crucial: “Protecting social media” isn’t just about technical account security. It’s also about policing the content. Crypto companies should dedicate staff or bots to remove scam comments, ban obvious bots, and respond quickly to rumors. For example, deleting fake giveaway replies on your posts can prevent users from being led astray. Likewise, educating your followers (regularly reminding them “we will never DM first” or “beware of fake airdrop links”) can inoculate them against common tactics. Many successful projects publish official security tips for their community and pin them in chats.‍
Have a Rapid Response Plan: In today’s environment, incidents might happen despite precautions (as even the SEC learned^[45]). What matters is how fast and effectively you respond. Prepare an emergency plan: e.g. if Twitter is hacked, have contacts at the platform to help reclaim it and broadcast warnings on other channels immediately. As seen with KuCoin, quick action and transparency (plus compensating victims) helped contain the damage^[23]^[46]. Speedy communication can prevent more losses – e.g. NBA’s team worked to delete fake posts and alert followers “No, there is NO NBA Coin” within hours^[47]^[48]. Projects should similarly be ready to pause all transactions or drips if a false announcement of a partnership, hack, etc. is spreading, until truth is clarified.

To Summarize

Securing social media is now a fundamental part of running a crypto project. The years 2025–2026 will likely see continued attempts by bad actors to exploit any weakness in this area – from sophisticated account takeovers to waves of scam comments aiming to defraud your users.

The magnitude of the threat is evident in the multi-billion dollar losses and numerous examples we’ve covered. By learning from these incidents and proactively fortifying your social channels, crypto companies can protect both their community and their own future.

The stakes (both in dollars and reputation) could not be higher, but with vigilant security and user education, projects can stay one step ahead of the scammers and maintain the trust that is so essential in the Web3 world.

Sources

Recent cases and statistics have been drawn from credible industry analyses and news reports, including Chainalysis’s Crypto Crime reports, FTC consumer fraud data, and documented hacks compiled by news outlets. Key examples such as the NBA/NASCAR Twitter hack^[8]^[9], KuCoin’s breach^[16], and the BAYC Instagram exploit^[11]^[12] illustrate the patterns discussed. These incidents, alongside aggregated data (e.g. billions lost to scams in 2024–2025^[36] and the proportion of scams starting on social media^[28]), paint a clear picture: crypto companies ignore social media security at their peril. Protecting these channels is protecting your community’s assets and your project’s survival.

[1] [2] [3] [4] [20] Social Media Hacks & Crypto Scams: How Influencers Are Being Exploited

https://www.tokenmetrics.com/blog/high-profile-social-media-hacks-and-cryptocurrency-scams-how-hackers-are-exploiting-influencers?0fad35da_page=1&74e29fd5_page=90

[5] $700K in crypto and NFTs lost in phishing attack through Vitalik Buterin’s hacked X account

https://cryptoslate.com/700k-in-crypto-and-nfts-lost-in-phishing-attack-through-vitalik-buterins-hacked-x-account/

[6] KuCoin's Twitter account hacked – exchange says it will reimburse ...

https://cryptoslate.com/kucoins-twitter-account-hacked-exchange-says-it-will-reimburse-victims/

[7] KuCoin's Twitter Account Hack Led to Asset Losses Worth Over ...

https://cryptopotato.com/kucoins-twitter-account-hack-led-to-asset-losses-worth-over-22000/

[8] [9] [10] [29] [47] [48] Official NBA and Nascar accounts on X hacked to promote cryptocurrency scams

https://decripto.org/en/official-nba-and-nascar-accounts-on-x-hacked-to-promote-cryptocurrency-scams/

[11] [12] [18] [19] Bored Ape Yacht Club Instagram Hacked, NFTs Worth Millions Stolen

https://www.vice.com/en/article/bored-ape-yacht-club-instagram-hacked-nfts-worth-millions-stolen/