Elon Musk’s X to implement scam kill switch by automatically locking first time crypto mentions

Social media platform X is preparing a new security measure aimed at shutting down a widespread form of crypto-phishing that exploits hijacked accounts to promote scam tokens.

The company will soon automatically lock any account that mentions cryptocurrency for the first time in its history, according to the company’s product manager Nikita Bier. Users must go through additional verification before they are allowed to post again.

Bier said the feature targets the central incentive behind these attacks. “This should kill 99% of the incentive,” he wrote, referring to the current wave of phishing scams that trick users into giving up their credentials and then use their accounts to push crypto scams.

The change was revealed in response to a detailed first-hand account from an X user who lost control of their account after falling for a phishing email disguised as a copyright infringement notice.

The attacker, the user said, used a pixel-perfect fake login page to harvest two-factor codes, then locked the user out and began promoting fraudulent crypto projects from their account.

Crypto scam on X

These types of attacks have been extremely common on X, a legacy from the days before it was acquired by Elon Musk, when it was still called Twitter.

One of the most common tactics is the “double your money” scam, where users are told to send cryptocurrency in exchange for a promise of more. Others push fake memecoins or fraudulent airdrops, often using hijacked accounts to lend credibility.

Impersonation is one of the attackers' most powerful tools. Fake accounts posing as well-known personalities have repeatedly tricked followers into clicking malicious links that imitate legitimate crypto platforms.

Cryptocurrency transactions are irreversible, so when a user falls for such an attack, their money is gone.

The most infamous example came in 2020, when hackers gained access to Twitter’s internal systems and took control of major accounts, including Apple’s, Barack Obama’s and Elon Musk’s.

They used these accounts to promote a fake bitcoin giveaway and brought in over $100,000 before the posts were removed. The breach, carried out through social engineering against Twitter employees, resulted in the hacker receiving a 5-year prison sentence.

X has made several attempts to strengthen security. These have included bot cleanups, API restrictions, and behavior detection. The latest move to automatically lock accounts that post about crypto for the first time builds on these efforts, aiming to cut off the tactic at its root: rendering hijacked accounts unusable for fraud.

Bier also called out Google for not stopping phishing emails at the email level, arguing that the tech giant bears part of the responsibility for failing to protect its users from phishing attacks.
