X Platform Takes a Stand: New Auto-Lock Feature to Protect Users from Crypto Scams


X Platform to Auto-Lock Accounts on First Cryptocurrency Mention to Combat Phishing Scams

April 4, 2026 — In a decisive move to curb the rising tide of cryptocurrency-related phishing scams, Elon Musk’s social media platform X has announced the rollout of a new security feature aimed at automatically locking accounts immediately after their first mention of cryptocurrency. The feature requires users to complete an additional verification step before they can resume posting, serving as a strong deterrent against account hijacking operations exploiting social trust to promote fraudulent crypto schemes.

Targeting Crypto Phishing with Automated Account Locks

Nikita Bier, Head of Product at X, confirmed the deployment of the auto-lock functionality, explaining that it directly targets the financial motivations behind the surge in crypto phishing attacks on the platform. This initiative comes in the wake of an alarming increase in account hijackings, notably exemplified by the compromise of Predictfully founder Benjamin White’s account on April 1. White’s account was weaponized to distribute scam content and extort $4,000 from the real owner, shining a spotlight on the urgent need for enhanced security measures.

The auto-lock is triggered when an account posts about cryptocurrency for the very first time. Once activated, the user’s account is immediately locked, and the individual must undergo a verification process to regain posting capabilities. Bier outlined how the core attack vector typically involves hackers accessing accounts via phishing emails, permanently locking out the rightful owners, and then leveraging the account’s established follower trust to promote fraudulent tokens, spurious giveaways, and meme coins.

Aimed at Severing the Link Between Access and Monetization

“This should kill 99% of the incentive,” Bier remarked in response to a user’s detailed account of falling victim to a phishing attack masquerading as a copyright violation notice. The attackers had used a near-perfect fake login page to steal the user’s credentials, including two-factor authentication codes, before locking them out and initiating scam promotions.

Crypto-linked account hijacking has been a chronic issue on X since its earlier Twitter days, often involving mention-spam campaigns and coordinated deceptive behaviors in crypto promotions. While long-term users who have never posted about cryptocurrency will be subject to verification upon their first crypto-related post, legitimate users can expect a swift and streamlined verification process, minimizing disruption.

Criticism of Email Providers and Platform-Level Response

Bier did not hold back criticism of Google, pointing out that Gmail continues to be a significant gateway for phishing emails despite known threats. “Google isn’t doing shit to stop the phishing,” Bier said, emphasizing that X’s new feature functions as a platform-level safeguard in response to upstream vulnerabilities it cannot directly control.

The U.S. Federal Trade Commission has highlighted the multi-billion dollar scale of crypto scams facilitated via social media, where victims often face irreversible losses due to the immutable nature of on-chain transactions. Hijacked accounts with established followers are especially valuable to attackers, making X’s auto-lock feature a direct strike at the profitability of these schemes by disrupting the immediate monetization pathway.

Limitations and Broader Context

Critics have noted that the auto-lock measure intervenes only after phishing has occurred, meaning that preventing the initial breach via phishing emails still depends on email providers bolstering their defenses. There are also concerns about potential inconvenience to legitimate users posting about crypto for the first time, though Bier gave assurances that verification will be fast for genuine accounts.

While crypto hack and phishing losses have shown some improvement in recent months—with February 2026 recording the lowest monthly total since March 2025—the recent $285 million exploit of Drift Protocol starkly illustrates the persistent high risk of social engineering attacks in the crypto space. X’s new feature tackles one of the most frequent and harmful attack vectors, contributing to broader efforts to safeguard digital asset communities.


About X (formerly Twitter):
X is a social media platform recently rebranded under Elon Musk’s leadership, focusing on enhanced security measures and innovation in communication technology.



Report by Peace Longe, edited by Dorian Batycka for crypto.news
