X Platform Introduces Automatic Account Locking to Combat Crypto Scams

X, a social media platform, is set to introduce a new security measure to combat a widespread form of cryptocurrency phishing that uses hijacked accounts to promote fraudulent tokens. The platform will automatically lock any account that mentions cryptocurrency for the first time, requiring the user to undergo additional verification before being allowed to post again. This move targets the primary incentive behind these attacks, according to X's Head of Product, Nikita Bier.

The feature was announced in response to the compromise of a user's account after the user fell for a phishing email disguised as a copyright violation notice. The attacker used a fake login page to harvest two-factor codes, locked the user out, and began promoting fake crypto projects from the account.

Such attacks have been common on X, often involving tactics like the 'double your money' scam, fake memecoins, or fraudulent airdrops, and frequently using hijacked accounts to lend credibility. Impersonation is a powerful tool: spoofed accounts posing as major personalities trick followers into clicking malicious links. Cryptocurrency transactions are irreversible, so once a user falls for such an attack, their funds are lost. A notable example was the 2020 hack of Twitter's internal systems, where hackers took control of major accounts, including those of Apple, Barack Obama, and Elon Musk, to promote a fake bitcoin giveaway.

X has made several attempts to bolster security, including bot purges, API restrictions, and behavioral detection. The latest move to auto-lock accounts that post about crypto for the first time aims to cut off the tactic at its root by making hijacked accounts useless for scams. Bier also criticized Google for failing to stop phishing emails at the email level, saying the tech giant shares responsibility for failing to protect its users from phishing attacks.