Nikita Bier, X's head of product, announced a new measure to protect users from crypto scammers: if an account posts about crypto for the first time, the platform will automatically lock it and require identity verification.
"This should remove up to 99% of the incentive to hack accounts," he noted.
The announcement came on April 1st in response to a post from a user describing how he lost access to his account through phishing. The attackers used a classic playbook: the victim received an email that appeared to be from X warning about a copyright violation, followed a link to a fake website, entered his login credentials and a one-time SMS code — and that was it. Within 30 seconds, the attackers had taken over the account and immediately started posting scams.
The Scale of the Problem
The victim submitted two support requests to X an hour apart and compared the case numbers — more than 1,300 new tickets had come in during that time. Bier didn't deny the scale of the issue in his reply.
"Yeah, we're aware," he wrote, adding that Google does nothing to block phishing emails.
The new auto-lock mechanism triggered by a first-time crypto post is a direct response to this wave of attacks. Bier also mentioned that a mass-tagging spam attack targeting users in crypto scam posts had already been blocked the day before.