Key Highlights
- Accounts posting cryptocurrency content for the first time will face automatic suspension, requiring additional verification steps before resuming activity
- The security measure addresses hijacking schemes where attackers commandeer accounts to advertise fraudulent tokens and deceptive schemes
- Product Lead Nikita Bier believes the feature will eliminate “99% of the incentive” behind these malicious attacks
- The implementation comes after a surge in deceptive copyright notification emails designed to capture login details and authentication codes
- X’s Product Lead also placed blame on Google for insufficient filtering of malicious emails reaching Gmail users
The social media platform X has announced plans to implement a security protocol that automatically freezes accounts when they publish cryptocurrency-related content for the first time. Users will need to undergo additional verification before regaining posting privileges.
Yeah we’re aware.
We are in the process of implementing auto-locking + verification if a user posts about cryptocurrency for the first time in the history of their account.
This should kill 99% of the incentive, especially since Google isn’t doing shit to stop the phishing…
— Nikita Bier (@nikitabier) April 1, 2026
X’s Product Lead, Nikita Bier, confirmed the development through a post on the platform. He explained that the initiative aims to eliminate the appeal for attackers who compromise accounts to execute cryptocurrency fraud schemes.
“This should kill 99% of the incentive,” Bier stated, addressing the ongoing phishing campaign affecting X users.
The declaration followed a user’s public account of having their access revoked through a deceptive email masquerading as a copyright infringement warning. The perpetrator deployed a counterfeit login interface to obtain the user’s authentication credentials and security codes.
After gaining entry, the attacker removed the legitimate owner’s access and began broadcasting deceptive cryptocurrency ventures to the account’s audience.
The Mechanics Behind These Schemes
These incidents follow a recognizable blueprint. An attacker assumes control of an account, then leverages it to advertise counterfeit memecoins, bogus airdrops, or investment multiplication schemes. The established reputation of a genuine account increases the likelihood that followers will engage.
Blockchain transactions remain irreversible, leaving victims with zero recourse to reclaim stolen assets after transfers are completed.
The most notorious instance of such an operation occurred in 2020. Attackers penetrated Twitter’s backend infrastructure and commandeered verified profiles belonging to Apple, Barack Obama, and Elon Musk.
These compromised accounts broadcast a fraudulent Bitcoin giveaway that accumulated over $100,000 before removal. The perpetrator eventually received a five-year prison sentence.
Broader Security Initiatives at X
X has maintained ongoing efforts to combat fraudulent operations across the platform. Previous measures include automated bot removal campaigns, stricter API controls, and enhanced behavioral monitoring systems.
During late 2025, X announced dismantling a corruption network linked to cryptocurrency fraud operations. Banned users reportedly attempted to compensate middlemen for bribing X employees to reinstate terminated accounts.
The newly announced auto-lock mechanism extends these efforts by intercepting schemes at their origin point. When compromised accounts cannot publish cryptocurrency content without triggering suspension, their utility to attackers diminishes substantially.
Bier emphasized his support for authentic cryptocurrency engagement on X. He distinguished between legitimate activity and ventures that “create incentives to spam, raid, and harass.”
He further directed criticism toward Google specifically, asserting that Gmail’s security filters fail to prevent phishing messages from reaching user mailboxes, assigning partial accountability to the technology corporation.
The auto-lock mechanism remains in development stages, with deployment expected in the near future.
