Key Points
- X’s new security measure automatically freezes accounts making their first cryptocurrency-related post, mandating additional verification steps
- The initiative combats phishing schemes where attackers compromise accounts to advertise fraudulent tokens
- Product leader Nikita Bier claims the tool will eliminate “99% of the incentive” behind these attacks
- The change follows widespread fake copyright notices designed to capture login details and authentication codes
- Nikita Bier also pointed fingers at Google for permitting phishing messages to reach Gmail users
The social media platform X, owned by Elon Musk, is implementing a new security measure that automatically freezes an account the moment it publishes cryptocurrency-related content for the first time. Users must complete verification before regaining posting privileges.
Yeah we’re aware.
We are in the process of implementing auto-locking + verification if a user posts about cryptocurrency for the first time in the history of their account.
This should kill 99% of the incentive, especially since Google isn’t doing shit to stop the phishing…
— Nikita Bier (@nikitabier) April 1, 2026
Nikita Bier, X’s Product Head, announced the change on the platform itself. He explained that the primary objective is to neutralize cybercriminals who take control of accounts solely to run cryptocurrency fraud schemes.
“This should kill 99% of the incentive,” Bier stated, addressing the ongoing surge of phishing operations aimed at X’s user base.
The announcement followed an X user’s public disclosure that they had lost control of their account through a phishing message masquerading as a copyright infringement alert. The perpetrator used a counterfeit login page to steal the victim’s credentials and two-factor codes.
After gaining unauthorized access, the attacker blocked the legitimate owner and began broadcasting deceptive cryptocurrency schemes to the account’s audience.
Understanding the Fraud Methodology
These cyberattacks typically follow a predictable sequence. An unauthorized party seizes control of an account, subsequently leveraging it to advertise counterfeit meme tokens, bogus airdrops, or fraudulent crypto investment schemes promising unrealistic returns. The established reputation of a genuine account increases the likelihood that followers will engage with malicious links.
Cryptocurrency transfers are permanent and irreversible, leaving victims without any recourse for fund recovery once transactions are completed.
The most notorious incident of this attack type occurred in 2020. Cybercriminals infiltrated Twitter’s internal infrastructure and commandeered verified profiles belonging to Apple, Barack Obama, and Elon Musk.
These compromised accounts promoted a fraudulent Bitcoin giveaway that accumulated more than $100,000 before platform administrators removed the content. The perpetrator ultimately received a five-year prison sentence.
X’s Comprehensive Security Initiatives
X has maintained ongoing efforts to combat fraudulent activity across its platform. The organization has previously conducted automated account purges, strengthened API access controls, and enhanced behavioral pattern detection systems.
Toward the end of 2025, X announced it had dismantled a corruption network linked to cryptocurrency scam operations. Banned users had reportedly attempted to pay intermediaries to bribe X employees into reinstating previously suspended accounts.
The newly introduced automatic lock mechanism builds upon these existing safeguards by intercepting scams at their origin point. When a compromised account cannot publish cryptocurrency content without triggering an immediate freeze, its value to attackers diminishes substantially.
Bier emphasized his support for authentic cryptocurrency engagement on X. He distinguished between legitimate activity and schemes that “create incentives to spam, raid, and harass.”
He also called out Google specifically, arguing that Gmail’s security filters are inadequate at keeping phishing messages out of user mailboxes and that the company therefore bears part of the responsibility.
The automatic account lock functionality has not yet been deployed but is scheduled for release in the near future.
