Social media platform X is preparing a new security measure aimed at dismantling a widespread form of crypto phishing that uses hacked accounts to promote fraudulent tokens.
The company will soon automatically lock any account the first time it ever mentions cryptocurrency, according to Nikita Bier, the company’s product manager. Users will need to go through additional verification before they can post again.
Bier said this feature targets the main incentive behind these attacks. “This should eliminate 99% of the incentive,” he wrote, referring to the current wave of phishing that tricks users into giving up their credentials and then uses their accounts to promote cryptocurrency scams.
The change was revealed in response to a detailed first-hand account from an X user who lost control of their account after falling for a phishing message disguised as a copyright infringement notice.
The attacker, according to the user, used a convincing replica of the login page to harvest the two-factor codes, then blocked the user and started promoting fraudulent crypto projects from their account.
Crypto scams on X
This type of attack has been extremely common on X, a legacy that predates its acquisition by Elon Musk, when the platform was still called Twitter.
One of the most common tactics is the “double your money” scam, in which users are tricked into sending cryptocurrencies in exchange for the promise of receiving more. Others offer fake memecoins or fraudulent airdrops, often using hacked accounts to gain credibility.
Impersonation is one of the most powerful tools. Spoofed accounts posing as major personalities have repeatedly tricked followers into clicking on malicious links that imitate legitimate crypto platforms.
Cryptocurrency transactions are irreversible, so once a user falls for this type of attack, their funds are lost.
The most famous example was in 2020, when hackers accessed Twitter’s internal systems and took control of major accounts, including those of Apple, Barack Obama and Elon Musk.
They used these accounts to promote a fake bitcoin giveaway, generating over $100,000 before the posts were removed. This breach, carried out through social engineering targeting Twitter employees, led to the hacker receiving a 5-year sentence.
X has made several attempts to tighten security, including bot purges, API restrictions and behavioral detection. The latest initiative, automatically locking accounts that post cryptocurrency-related content for the first time, continues these efforts and aims to cut the tactic off at the source by making hacked accounts unusable for scams.
Bier also criticized Google for not blocking phishing emails at the mail-delivery level, placing some of the blame on the tech giant for failing to protect its users from phishing attacks.