X Platform to Implement Anti-Scam Measures by Automatically Locking New Crypto Mentions
X, a social media platform, is set to introduce a new security measure designed to combat a prevalent form of cryptocurrency phishing that exploits hijacked accounts to promote fraudulent tokens. The company will soon roll out an auto-lock feature for any account that mentions cryptocurrency for the first time, requiring users to undergo additional verification before being allowed to post again, according to Nikita Bier, Head of Product. The feature aims to eliminate the primary incentive behind these attacks, in which users are tricked into divulging their login credentials and their accounts are then used to promote crypto scams.
The move comes after an X user shared a firsthand account of losing control of their account to a phishing email disguised as a copyright infringement notice. The attacker used a fake login page to harvest two-factor codes, locked the user out, and began promoting fake crypto projects from the account.
Such attacks have been common on X, often involving tactics like the "double your money" scam, where users are promised more cryptocurrency in exchange for sending some, or the promotion of fake memecoins and airdrops using hijacked accounts to lend credibility. Impersonation is a powerful tool in these scams: spoofed accounts impersonating major personalities trick followers into clicking malicious links that mimic legitimate crypto platforms. Because cryptocurrency transactions are irreversible, once a user falls for such an attack, their funds are lost.
A notable example occurred in 2020, when hackers accessed Twitter's internal systems, took control of major accounts, including those of Apple, Barack Obama, and Elon Musk, and used them to promote a fake bitcoin giveaway, earning over $100,000 before the posts were removed.
X has made several attempts to enhance security, including bot purges, API restrictions, and behavioral detection.
The latest move to auto-lock accounts that post about crypto for the first time aims to cut off the tactic at its root by rendering hijacked accounts useless for scams. Bier also criticized Google for failing to prevent phishing emails at the email level, emphasizing the tech giant's responsibility to protect its users from phishing attacks.