X to Auto-Lock Accounts That Mention Crypto for the First Time in Crackdown on Phishing Scams

Social media platform X is rolling out a new security feature designed to combat the growing wave of cryptocurrency phishing scams that exploit compromised user accounts. According to Nikita Bier, X's Head of Product, the platform will automatically lock any account that mentions cryptocurrency for the very first time, requiring users to complete additional identity verification before regaining posting access.

Bier believes the move will be highly effective, stating it should eliminate nearly all incentive behind these types of attacks. The announcement followed a viral firsthand account from an X user who lost access to their profile after clicking a phishing email disguised as a copyright violation notice. The attacker used a convincing fake login page to steal the user's credentials and two-factor authentication codes, subsequently locking them out and using the account to promote fraudulent crypto projects.

Crypto-related scams have plagued X for years, even before Elon Musk's acquisition of the platform. Common schemes include fake "double your money" promotions, counterfeit memecoins, and sham airdrops. Scammers frequently hijack trusted accounts to add legitimacy to their fraudulent campaigns, making them harder for everyday users to identify. Because cryptocurrency transactions are irreversible, victims have no way to recover stolen funds once deceived.

The most notorious incident occurred in 2020, when hackers infiltrated Twitter's internal systems and commandeered high-profile accounts belonging to Apple, Barack Obama, and Elon Musk to run a fake Bitcoin giveaway that collected over $100,000. The perpetrator was ultimately sentenced to five years in prison.

X has previously addressed platform security through bot removals, API restrictions, and behavioral monitoring. This latest measure aims to cut phishing operations off at the source by rendering hijacked accounts useless for crypto promotion. Bier also criticized Google for not doing enough to block phishing emails before they reach users' inboxes.