X Platform Introduces Anti-Scam Measure to Combat Crypto Phishing Attacks

X, the social media platform formerly known as Twitter, is preparing a new security measure aimed at a pervasive form of cryptocurrency phishing in which hijacked accounts are used to promote fraudulent tokens. According to Nikita Bier, X's Head of Product, the company will soon auto-lock any account that mentions cryptocurrency for the first time and require the user to complete additional verification before posting again. Bier said the feature targets the main incentive behind these attacks: attackers trick users into surrendering their login credentials and then use the compromised accounts to push crypto scams.

The move follows a firsthand account from an X user who lost control of their account to a phishing email disguised as a copyright infringement notice. The email led to a fake login page that captured the user's password and two-factor code; the attacker then locked the user out and began promoting fake crypto projects from the account. A one-time code typed into a phishing page is simply relayed to the real site, so code-based two-factor authentication offers little protection against this kind of attack; only origin-bound authenticators such as passkeys or hardware security keys resist it.

Such attacks have been common on X since its Twitter days. Typical tactics include the "double your money" scam, where users are promised more cryptocurrency in return for sending some, and impersonation, where spoofed accounts mimic prominent figures to lure followers into clicking malicious links. Because cryptocurrency transactions are irreversible, a victim's funds are gone the moment they are sent.

A notable example occurred in 2020, when attackers gained access to Twitter's internal tools, took over major accounts, including those of Apple, Barack Obama and Elon Musk, and used them to promote a fake bitcoin giveaway that netted more than $100,000 before the posts were removed.

X has made several attempts to improve security, including bot purges, API restrictions and behavioral detection. The auto-lock on first crypto mention is meant to cut the tactic off at the root by making hijacked accounts useless for scams. It does not stop the credential theft itself, and it adds friction for legitimate users posting about crypto for the first time, but it removes the payoff that makes the phishing worthwhile.
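To make the control concrete, here is an added example (not X's code; the page does not describe X's actual classifier or verification flow) of the policy the article describes: an account that has never published a crypto post is locked on its first crypto mention, the post is held, further posts are rejected, and the account is released only after a step-up verification succeeds. The keyword list, the account states and the scenario accounts are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Illustrative keyword classifier (assumption): a real deployment would use a
# richer model, since attackers can evade plain keywords with images or leetspeak.
CRYPTO_TERMS = re.compile(
    r"\b(bitcoin|btc|ethereum|eth|crypto(?:currency)?|token|airdrop|presale"
    r"|giveaway|nft|solana|wallet)\b",
    re.IGNORECASE,
)


@dataclass
class Account:
    handle: str
    has_posted_crypto: bool = False   # has this account ever published a crypto post?
    locked: bool = False
    held_post: Optional[str] = None   # post quarantined until verification passes
    published: list = field(default_factory=list)


def mentions_crypto(text: str) -> bool:
    return CRYPTO_TERMS.search(text) is not None


class FirstCryptoMentionPolicy:
    """Auto-lock an account on its first crypto mention; release on step-up verification."""

    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}

    def account(self, handle: str) -> Account:
        return self.accounts.setdefault(handle, Account(handle))

    def submit_post(self, handle: str, text: str) -> str:
        acct = self.account(handle)
        if acct.locked:
            # A hijacker cannot keep posting while the lock is in place.
            return "rejected_locked"
        if mentions_crypto(text) and not acct.has_posted_crypto:
            # First-ever crypto mention: quarantine the post, lock the account.
            acct.locked = True
            acct.held_post = text
            return "locked_pending_verification"
        acct.published.append(text)
        return "published"

    def complete_verification(self, handle: str, passed: bool) -> str:
        acct = self.account(handle)
        if not acct.locked or acct.held_post is None:
            return "no_verification_pending"
        if not passed:
            # Assumption: failed verification discards the held post and keeps the lock.
            acct.held_post = None
            return "verification_failed"
        acct.locked = False
        acct.has_posted_crypto = True          # future crypto posts no longer trigger the lock
        acct.published.append(acct.held_post)
        acct.held_post = None
        return "verified_and_published"


def demo() -> dict:
    """Constructed scenario: a hijacked account versus an established crypto poster."""
    policy = FirstCryptoMentionPolicy()
    # Victim: history of ordinary posts, then an attacker posts a giveaway scam.
    policy.submit_post("victim", "Lovely weather for a hike today")
    hijack = policy.submit_post("victim", "Send 0.1 BTC and get 0.2 back, limited giveaway!")
    follow_up = policy.submit_post("victim", "Hurry, only 100 spots left")
    # Trader: first crypto post is held, passes verification, later posts flow freely.
    policy.submit_post("trader", "Watching the ethereum merge closely")
    policy.complete_verification("trader", passed=True)
    trader_post = policy.submit_post("trader", "Bought more ETH on the dip")
    return {
        "hijack": hijack,
        "follow_up": follow_up,
        "trader_post": trader_post,
        "victim_published": len(policy.account("victim").published),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the state machine is that the lock fires on the transition that a hijacker must make (an account with no crypto history suddenly promoting a token) rather than on crypto content as such, which is why an account that has already passed verification once is not locked again.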
Bier also criticized Google for failing to stop such phishing emails at the mail-provider level, arguing that the company bears responsibility for protecting its users from phishing.