X is preparing its most aggressive anti-scam measure yet: any account that posts about cryptocurrency for the first time in its history will be automatically locked, requiring identity verification before being allowed to post again.

How It Works

Head of Product Nikita Bier announced the feature in response to a viral thread from a user who lost their account to a phishing attack. The attacker used a pixel-perfect fake copyright violation email to harvest login credentials and two-factor codes, then hijacked the account to promote fraudulent crypto tokens.

The new system targets the core economics of this attack chain. By auto-locking accounts on their first-ever crypto mention, X makes hijacked accounts essentially worthless to scammers. "This should kill 99% of the incentive," Bier wrote.

The Problem It Solves

Crypto phishing on X has been a persistent plague since the platform's Twitter days. The most common patterns include "double your money" scams, fake memecoin promotions, and fraudulent airdrops - all leveraging hijacked accounts with established follower bases for credibility.

The most notorious incident was the 2020 Twitter breach, when hackers accessed internal tools and took over accounts belonging to Apple, Barack Obama, and Elon Musk to promote a fake bitcoin giveaway, netting over $100,000. The hacker received a five-year sentence.

Collateral Damage?

The feature could frustrate legitimate users posting about crypto for the first time. Bier did not detail the verification process or how long locks would last. He also called out Google for failing to stop phishing emails at the source, pointing to shared responsibility across platforms.

The measure joins X's existing bot purges, API restrictions, and behavioral detection systems.