In an effort to combat crypto scam phishing on its platform, social media company X is introducing a new security measure that automatically locks accounts mentioning cryptocurrency for the first time. This initiative was disclosed by Nikita Bier, Head of Product at X, who explained that users would need to undergo additional verification before regaining posting privileges.
Bier emphasized that this feature targets the primary motivation behind these phishing attacks, stating it should eliminate 99% of such incentives. These scams often trick victims into surrendering their credentials and subsequently use compromised accounts to promote fraudulent crypto projects.
This update follows a detailed account from an X user who lost access to their account after falling victim to a phishing email masquerading as a copyright violation notice. The attacker created a convincing fake login page to capture two-factor authentication codes, then locked the original owner out and began promoting illegitimate crypto schemes using the hijacked account.
Such attacks have been prevalent on X since before its acquisition by Elon Musk, when it was known as Twitter. Common tactics include ‘double your money’ scams promising more cryptocurrency in exchange for an initial transfer, fake memecoins, and fraudulent airdrops, often conducted via hijacked accounts to appear credible.
Impersonation of major figures is another effective strategy, with spoofed accounts tricking followers into clicking malicious links that mimic genuine crypto platforms. As cryptocurrency transactions are irreversible, victims lose their funds permanently once deceived by such scams.
A notorious instance occurred in 2020 when hackers infiltrated Twitter’s internal systems and took over high-profile accounts including Apple, Barack Obama, and Elon Musk, promoting a bogus bitcoin giveaway for over $100,000 before the posts were removed. The breach was executed through social engineering against Twitter staff, resulting in a five-year prison sentence for the hacker.
X has previously enhanced its security with bot purges, API restrictions, and behavioral detection techniques. The new auto-lock feature for first-time crypto mentions seeks to address the issue at its core by rendering hijacked accounts ineffective for scams. Bier also criticized Google for not blocking phishing emails at the email level, suggesting that the tech giant shares responsibility for failing to protect users from such attacks.