X Platform Introduces Automated Lockout for New Crypto Mentions to Combat Scams

X, a social media platform, is set to introduce a new security feature designed to combat a prevalent form of cryptocurrency phishing that exploits hijacked accounts to promote fraudulent tokens. The platform will automatically lock any account that mentions cryptocurrency for the first time, according to Nikita Bier, the company's Head of Product. To regain posting access, users will need to undergo additional verification. Bier stated that the feature targets the primary incentive behind these attacks, in which attackers trick users into surrendering their credentials and then use the hijacked accounts to push crypto scams.

The move comes after an X user shared a firsthand account of losing control of their account to a phishing email disguised as a copyright infringement notice. The attacker used a fake login page to harvest two-factor codes, locked the user out, and began promoting fake crypto projects from the compromised account.

Crypto scams have been a long-standing issue on X, inherited from its predecessor Twitter. Common tactics include the 'double your money' scam, where users are promised more cryptocurrency in exchange for sending funds, and impersonation scams, where hijacked accounts are used to lend credibility to fake memecoins or airdrops. Since cryptocurrency transactions are irreversible, once a user falls victim to such an attack, their funds are lost. A notable example occurred in 2020, when hackers accessed Twitter's internal systems and took control of prominent accounts, including those of Apple, Barack Obama, and Elon Musk, to promote a fake bitcoin giveaway.

The latest security measure aims to combat these scams by rendering hijacked accounts useless for such activities. Bier also criticized Google for failing to stop phishing emails at the email level, emphasizing the tech giant's responsibility for protecting its users from phishing attacks.