X Platform Introduces Automatic Account Locking to Combat Crypto Scams

X, a social media platform, is set to introduce a new security measure designed to curb cryptocurrency phishing scams that use compromised accounts to promote fraudulent tokens. According to Nikita Bier, Head of Product, the company will automatically lock any account that mentions cryptocurrency for the first time, requiring the user to undergo additional verification before posting again. Bier stated that the feature aims to eliminate the primary incentive behind these attacks, and he believes it will put an end to 99% of such scams.

The move comes after an X user shared a firsthand account of falling victim to a phishing email disguised as a copyright infringement notice, which resulted in their account being hijacked and used to promote fake cryptocurrency projects. Such attacks have been prevalent on the platform. They often involve tactics like the "double your money" scam, where users are deceived into sending cryptocurrency in exchange for a promise of more, or the promotion of fake memecoins and fraudulent airdrops through hijacked accounts so that the offers appear legitimate. Impersonation is a powerful tool in these scams: spoofed accounts posing as prominent figures trick followers into clicking malicious links that mimic legitimate cryptocurrency platforms. Because cryptocurrency transactions are irreversible, once a user falls victim to such an attack, their funds are lost.

A notable example of such a breach occurred in 2020, when hackers accessed Twitter's internal systems, took control of major accounts, including those of Apple, Barack Obama, and Elon Musk, and used them to promote a fake bitcoin giveaway, earning over $100,000 before the posts were removed. This breach, carried out through social engineering against Twitter employees, resulted in the hacker receiving a 5-year sentence.

X has made several attempts to enhance security, including bot purges, API restrictions, and behavioral detection. The latest move to auto-lock accounts that post about cryptocurrency for the first time builds upon these efforts, aiming to cut off the scam tactic at its root by rendering hijacked accounts useless for scams. Bier also criticized Google for failing to prevent phishing emails at the email level, emphasizing the tech giant's share of responsibility in protecting its users from phishing attacks.