Elon Musk’s X is rolling out a security feature that will automatically lock any account that mentions cryptocurrency for the first time — requiring additional verification before posting resumes — a direct response to a wave of account hijacking campaigns exploiting social trust to promote scam tokens.
Summary
The auto-lock triggers on an account’s first-ever cryptocurrency-related post. Once triggered, the account is locked, and the user must complete verification before regaining access. Bier described it as targeting the core attack vector: hackers gain account access through phishing emails, lock out the original owner, and use the account’s established follower trust to promote fraudulent tokens, fake giveaways, and memecoins.
“This should kill 99% of the incentive,” Bier wrote in response to a user’s account of how they lost control of their profile to a phishing attack disguised as a copyright violation notice. The attacker had used a pixel-perfect fake login page to harvest the user’s credentials and two-factor authentication codes before locking them out and beginning scam promotion.
Crypto-linked account hijacking on X has been a documented and persistent problem since the platform’s days as Twitter. The auto-lock builds on earlier platform efforts to eliminate mention-spam campaigns and coordinated account behavior used in crypto promotions. Long-term users who have never posted about cryptocurrency will face verification on their first such post, while legitimate accounts, Bier indicated, can regain access quickly through the process.
Bier also publicly criticized Google for allowing phishing emails to reach users through Gmail. “Google isn’t doing shit to stop the phishing,” he wrote — framing the auto-lock as a platform-level workaround to a vulnerability upstream that X cannot directly control.
The U.S. Federal Trade Commission has documented how social media crypto scams have surged into a multi-billion dollar problem, with victims often unable to recover funds given the irreversibility of on-chain transfers. This structural reality is what makes hijacked accounts with established follower trust so valuable to attackers — and what the auto-lock directly targets by severing the link between account access and immediate monetization via crypto promotion.
Critics have flagged that the measure only intervenes after an account has already been compromised via phishing. If email providers do not better filter phishing emails upstream, the attack chain remains intact. The feature could also create friction for legitimate first-time crypto posts from established accounts, though Bier indicated the verification process will be brief for genuine users.
As broader crypto hack and phishing losses have shown improvement in recent months — with February 2026 recording the lowest monthly total since March 2025 — the $285 million Drift Protocol exploit this week is a sharp reminder that headline risk remains high. X’s new feature addresses one specific and high-volume attack vector within a much larger ecosystem of crypto-linked fraud.
Anthropic has purchased the stealth biotech AI startup Coefficient Bio in a $400 million stock…
Key Takeaways: Fed funds futures on CME show a 99.5% probability the Fed holds rates…
U.S. forces have recovered a crew member from a downed F-15E inside Iranian territory, confirming…
If you like playing daily word games like Wordle, then Hurdle is a great game…
The opportunity comes with a few conditions, though. Here's what traders need to know.…
Liftoff. At 6:35 pm ET on April 2, a Space Launch System rocket lifted an…