X Platform Introduces Anti-Scam Measure to Combat Crypto Phishing Attacks
X, a social media platform, is rolling out a new security feature to combat widespread crypto phishing attacks that use hijacked accounts to promote fake tokens. The platform will automatically lock any account that mentions cryptocurrency for the first time, according to Nikita Bier, Head of Product. To regain access, users will need to undergo additional verification. This move targets the primary motivation behind these attacks, in which attackers trick users into surrendering their credentials and then use the hijacked accounts to push crypto scams. Bier stated that this feature should eliminate 99% of the incentive for such attacks.

The change follows a detailed account from an X user who fell victim to a phishing email disguised as a copyright violation notice, resulting in their account being hijacked and used to promote fraudulent crypto projects.

Crypto scams have been prevalent on X, including the "double your money" scam, fake memecoins, and fraudulent airdrops, often using impersonation to lend credibility. Because cryptocurrency transactions are irreversible, once a user falls for such an attack, their funds are lost forever. A notable example occurred in 2020 when hackers accessed Twitter's internal systems, took control of major accounts, and promoted a fake bitcoin giveaway, netting over $100,000 before being removed.

X has made several attempts to enhance security, including bot purges, API restrictions, and behavioral detection. The latest move to auto-lock accounts that post about crypto for the first time aims to cut off the tactic at its root by rendering hijacked accounts useless for scams. Bier also criticized Google for failing to stop phishing emails at the email level, emphasizing the tech giant's responsibility to protect its users from phishing attacks.