X is introducing an automatic account lock that triggers the moment a user posts about cryptocurrency for the first time. Nikita Bier, the platform's head of product, confirmed the feature and said it will require affected accounts to complete additional verification before posting again.
Bier framed the measure as a direct attack on the economics of account hijacking. He said the feature should eliminate 99% of the incentive behind the current wave of phishing attacks hitting X users. Those attacks work by tricking users into surrendering their login credentials, then using the compromised accounts to push fraudulent crypto projects to unsuspecting followers.
The announcement followed a public post from an X user who described losing account access after opening a fake copyright violation email. The email directed the user to a counterfeit login page that captured their password and two-factor authentication code in real time. The attacker then locked the user out and began promoting scam tokens from the account.
This type of hijack is among the most common forms of crypto fraud on the platform. Attackers frequently use stolen accounts to run fake token promotions, fraudulent airdrop campaigns, and "double your money" schemes. Hijacked accounts lend credibility to these scams because followers trust the original account holder.
Impersonation remains a parallel threat. Fake accounts mimicking well-known public figures have repeatedly pushed followers toward malicious links designed to look like legitimate crypto platforms. Crypto transactions cannot be reversed, so victims have no way to recover funds once they are sent.
The most widely referenced case dates to 2020, when attackers used social engineering to gain access to Twitter's internal tools. They seized accounts belonging to Apple, Barack Obama, and Elon Musk, then used them to solicit Bitcoin under the premise of a giveaway. The scheme brought in over $100,000 before the posts came down. The attacker was later sentenced to five years in prison.
X has previously deployed bot purges, API restrictions, and behavioral detection to address platform abuse. The new auto-lock feature targets the same problem at an earlier point, making hijacked accounts useless for crypto promotion before any damage is done. Bier also criticized Google for allowing phishing emails to pass through Gmail, arguing the company shares responsibility for the attacks reaching users in the first place.