X Platform to Implement Anti-Scam Measure by Automatically Locking New Crypto Mentions
X, a social media platform, is set to introduce a new security measure designed to combat a prevalent form of cryptocurrency phishing that exploits compromised accounts to promote fraudulent tokens. The company plans to automatically lock any account that mentions cryptocurrency for the first time, according to Nikita Bier, Head of Product. To regain posting privileges, users will be required to undergo additional verification. Bier stated that this feature targets the primary incentive behind these attacks, which involve tricking users into surrendering their credentials and then using their accounts to promote crypto scams.
The move was announced in response to a detailed account from an X user who lost control of their account after falling for a phishing email disguised as a copyright infringement notice. The attacker used a fake login page to harvest two-factor codes, locked the user out, and began promoting fraudulent crypto projects from the compromised account.
Crypto scams have been a significant issue on X, a problem inherited from its predecessor, Twitter. Common tactics include the 'double your money' scam, where users are promised more cryptocurrency in exchange for sending funds, and the promotion of fake memecoins or fraudulent airdrops, often using hijacked accounts to appear legitimate. Impersonation is a powerful tool: spoofed accounts posing as major personalities trick followers into clicking malicious links that mimic legitimate crypto platforms. Since cryptocurrency transactions are irreversible, once a user falls for such an attack, their funds are lost.
A notable example occurred in 2020, when hackers accessed Twitter's internal systems, took control of major accounts, including those of Apple, Barack Obama, and Elon Musk, and used them to promote a fake bitcoin giveaway, netting over $100,000 before the posts were removed.
X has made several attempts to enhance security, including bot purges, API restrictions, and behavioral detection. The latest move to auto-lock accounts that post about crypto for the first time aims to cut off the tactic at its root by rendering hijacked accounts useless for scams. Bier also criticized Google for failing to stop phishing emails at the email level, emphasizing the tech giant's share of responsibility for protecting its users from phishing attacks.