Social media platform X is preparing a new security measure aimed at shutting down a widespread form of crypto phishing that leverages hijacked accounts to promote scam tokens.
The company will soon auto-lock any account that mentions cryptocurrency for the first time in its history, according to the company’s Head of Product Nikita Bier. Users will need to go through additional verification before being allowed to post again.
Bier said the feature targets the core incentive behind these attacks. “This should kill 99% of the incentive,” he wrote, referring to the current wave of phishing that tricks users into giving up their credentials, then uses their accounts to push crypto scams.
The change was unveiled in response to a detailed firsthand account from an X user who lost control of their account after falling for a phishing email disguised as a copyright violation notice.
The attacker, the user said, used a pixel-perfect fake login page to harvest two-factor codes, then locked the user out and began promoting fraudulent crypto projects from their account.
Crypto scams on X
These types of attacks have been extremely common on X, an inheritance from before it was acquired by Elon Musk and was still called Twitter.
One of the most common tactics is the “double your money” scam, in which users are told to send cryptocurrency in exchange for a promise of more. Others push fake memecoins or fraudulent airdrops, often using hijacked accounts to lend credibility.
Impersonation is one of the most powerful tools. Spoofed accounts impersonating major personalities have repeatedly tricked followers into clicking malicious links that mimic legitimate crypto platforms.
Cryptocurrency transactions are irreversible, so once a user falls for such an attack, their funds are gone.
The most infamous example came in 2020, when hackers accessed Twitter’s internal systems and took control of major accounts, including those of Apple, Barack Obama, and Elon Musk.
They used those accounts to promote a fake bitcoin giveaway, netting over $100,000 before the posts were removed. That breach, carried out through social engineering against Twitter employees, resulted in the hacker receiving a 5-year sentence.
X has made several attempts to bolster security. These have included bot purges, API restrictions, and behavioral detection. The latest move to auto-lock accounts that post about crypto for the first time builds on those efforts, aiming to cut off the tactic at its root: by making hijacked accounts useless for scams.
Bier also called out Google for failing to stop phishing emails at the email level, pointing the finger at the tech giant’s share of the responsibility for failing to protect its users from phishing attacks.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
In Q1 2026, Web3 projects suffered losses of over $460 million from hacks and scams, with phishing attacks leading the way.
Hacken’s report shows that in the first quarter of 2026, Web3 projects lost $464.5 million due to hacker attacks and scams, with phishing and social engineering attacks accounting for $306 million in losses. In addition, hardware wallet scams accounted for the bulk of the losses. Moreover, losses were also significant due to smart contract vulnerabilities and access control failures. In terms of regulation, the European legal framework has increased security monitoring requirements.
GateNews39m ago
RAVE’s hype surge triggers a flood of copycat coin mania, as FF and INX expose the “pump-and-dump” scheme
Recently, altcoins represented by RAVE have sparked a fierce investment craze, but some old star projects like FF and INX have used this wave of hype to carry out “pump-and-dump” operations—rapidly driving up coin prices to lure retail investors to buy, and then dumping them heavily, causing the price to plunge rapidly. Such behavior not only exposes the project team’s funding difficulties, but also damages investors’ trust. Investors need to stay alert to signals like abnormal short-term surges in order to avoid the risk of being manipulated by the market.
MarketWhisper4h ago
FBI teams up with Indonesia to dismantle W3LL phishing network, with more than $20 million involved
The U.S. FBI and Indonesian police successfully cooperated to dismantle a W3LL phishing network, seizing related equipment and detaining suspects. The W3LL phishing toolkit offers low-priced fake login pages that use man-in-the-middle attacks to easily bypass multi-factor authentication, forming an organized cybercrime ecosystem. This operation marks cooperation between the U.S. and Indonesia in law enforcement against cybercrime; however, the security threats to cryptocurrency users remain severe.
MarketWhisper7h ago
Squads Emergency Alert: Address poisoning and forged multisig accounts; a whitelist mechanism will go live
Solana ecosystem multi-signature agreement Squads issued a warning, pointing out that attackers launched an address poisoning attack against users by using fake accounts to trick users into making unauthorized transfers. Squads confirmed that there was no loss of funds and emphasized that this is a social engineering attack rather than a protocol vulnerability. To respond, Squads has implemented protective measures such as a warning system, non-interactive account prompts, and a whitelist mechanism. This incident reflects the growing social engineering threats in the Solana ecosystem and has prompted ongoing security reviews.
MarketWhisper8h ago
South Korean “retaliation intermediary” agencies charged USDT to carry out violent crimes, and continued operating even after the main suspect was arrested
South Korea has recently seen multiple “revenge intermediary” organizations that use cryptocurrency as a payment method. They offer intimidation and murder services via Telegram. Even though the main culprit has been arrested, related advertisements are still being posted. Police are investigating more than 50 cases and have arrested about 30 people.
GateNews9h ago
Fake Ledger App on Apple’s App Store Drains Musician’s 5.9 BTC Retirement Fund
A fake Ledger app on Apple's App Store deceived musician Garrett Dutton into losing 5.9 BTC by entering his seed phrase. This case highlights ongoing wallet scams and the exploitation of trust, as the stolen bitcoin was laundered through KuCoin.
CryptoNewsFlash14h ago
