Elon Musk’s X is rolling out a security feature that will automatically lock any account that mentions cryptocurrency for the first time — requiring additional verification before posting resumes — a direct response to a wave of account hijacking campaigns exploiting social trust to promote scam tokens.
Summary
- X Head of Product Nikita Bier confirmed the auto-lock feature, saying it targets the financial incentive behind crypto phishing attacks on the platform
- The measure follows a surge in account hijacking incidents, including the April 1 compromise of Predictfully founder Benjamin White’s account, which was used to push scam content and extort $4,000 from the real owner
- Bier estimates the feature should eliminate 99% of the incentive behind current phishing operations and called out Google for failing to block phishing emails at the Gmail level
The auto-lock triggers on an account’s first-ever cryptocurrency-related post. Once triggered, the account is locked, and the user must complete verification before regaining access. Bier described it as targeting the core attack vector: hackers gain account access through phishing emails, lock out the original owner, and use the account’s established follower trust to promote fraudulent tokens, fake giveaways, and memecoins.
“This should kill 99% of the incentive,” Bier wrote in response to a user’s account of how they lost control of their profile to a phishing attack disguised as a copyright violation notice. The attacker had used a pixel-perfect fake login page to harvest the user’s credentials and two-factor authentication codes before locking them out and beginning scam promotion.
What This Targets
Crypto-linked account hijacking on X has been a documented and persistent problem since the platform’s days as Twitter. The auto-lock builds on earlier platform efforts to eliminate mention-spam campaigns and coordinated account behavior used in crypto promotions. Long-term users who have never posted about cryptocurrency will face verification on their first such post, while legitimate accounts, Bier indicated, can regain access quickly through the process.
Bier also publicly criticized Google for allowing phishing emails to reach users through Gmail. “Google isn’t doing shit to stop the phishing,” he wrote — framing the auto-lock as a platform-level workaround to a vulnerability upstream that X cannot directly control.
The U.S. Federal Trade Commission has documented how social media crypto scams have surged into a multi-billion dollar problem, with victims often unable to recover funds given the irreversibility of on-chain transfers. This structural reality is what makes hijacked accounts with established follower trust so valuable to attackers — and what the auto-lock directly targets by severing the link between account access and immediate monetization via crypto promotion.
Limitations
Critics have flagged that the measure only intervenes after an account has already been compromised via phishing. If email providers do not better filter phishing emails upstream, the attack chain remains intact. The feature could also create friction for legitimate first-time crypto posts from established accounts, though Bier indicated the verification process will be brief for genuine users.
As broader crypto hack and phishing losses have shown improvement in recent months — with February 2026 recording the lowest monthly total since March 2025 — the $285 million Drift Protocol exploit this week is a sharp reminder that headline risk remains high. X’s new feature addresses one specific and high-volume attack vector within a much larger ecosystem of crypto-linked fraud.
