X is implementing a new security measure to auto-lock any account that mentions cryptocurrency for the first time. The move, announced by Head of Product Nikita Bier, aims to neutralize phishing scams that exploit compromised accounts to promote fraudulent crypto tokens.

Users will need to complete additional verification before regaining posting privileges. Bier stated the system targets the core incentive behind these attacks, saying it should eliminate 99% of the incentive for scammers.

The decision follows a detailed account from an X user whose account was hijacked via a phishing email disguised as a copyright violation notice. Attackers used a fake login page to steal two-factor codes, locked the victim out, and promoted scam tokens from the compromised profile.

These scams, often promising doubled returns or fake airdrops, have plagued X since its Twitter days. Impersonation of high-profile figures remains a dominant tactic, leveraging trust to trick users into sending irreversible cryptocurrency payments.

The platform has previously countered threats with bot purges and API restrictions. This latest step cuts the threat at its source: rendering hijacked accounts useless for crypto promotion.

Bier also criticized Google for failing to block phishing emails at the email level, holding the tech giant accountable for enabling the attack vector.
