Author: Shenchao TechFlow

Srenchao Overview: Nikita Bier, the product leader of the X platform, announced that the platform is deploying a new mechanism: any account that posts cryptocurrency-related content for the first time will be automatically locked and required to verify their identity, claiming this move will "eliminate 99% of malicious motivations." This policy directly targets the current most rampant scam model: hackers promoting fake tokens by stealing accounts through phishing emails and exploiting the trust of their followers.

Text:

Cryptocurrency scams have become the most stubborn security ailment of the X platform, and the platform is preparing to launch its most aggressive product-level response plan to date.

According to Crypto Briefing's report on April 2, Nikita Bier responded to a user who was a victim of a phishing attack on April 1 on the X platform, announcing that X is deploying an automatic locking mechanism: when any account posts cryptocurrency-related content for the first time in its history, the system will automatically lock that account and require identity verification before continuing to post.

Bier wrote in the original post: "This should kill 99% of the incentive, especially since Google isn't doing anything to stop the phishing." He also pointed fingers at Google, criticizing its failure to effectively intercept phishing emails at the Gmail level, stating that X's automatic locking is essentially a remedy for Google's security deficiency.

Phishing attacks becoming the main carrier of cryptocurrency scams, stolen accounts turned into "push tools"

The impetus for Bier’s statement was a personal experience shared by Benjamin White, founder of the prediction market platform Predictfully. According to TheStreet's report, White detailed on April 1 on the X platform how his account was hacked: the attacker disguised as a copyright infringement notification in a phishing email tricked him into clicking a counterfeit login page, stealing login credentials including two-factor verification codes, then locking his account and using it to promote fake cryptocurrency projects. Worse, the hacker even demanded a $4,000 "ransom" for the account.

This attack model has now become highly industrialized. The typical operation process for hackers is: sending phishing emails disguised as official notifications (copyright warnings, security alerts, etc.), tricking users into entering credentials on a carefully copied login page, immediately posting fake tokens or phishing links once the account is stolen, and rapidly cashing out based on the original account's follower trust. Since cryptocurrency transactions are irreversible, once victims are deceived, their funds cannot be recovered.

According to Chainalysis's annual cryptocurrency crime report released this year, on-chain scam funds reached at least $14 billion in 2025, a significant increase from the $9.9 billion in 2024. Data from CertiK shows that in just January 2026, phishing attacks caused losses exceeding $311 million, with a single victim losing $284 million due to social engineering attacks.

Turning stolen accounts into "waste cards"

Bier’s strategy directly targets a key link in this profit chain: making stolen accounts completely lose value in cryptocurrency promotion.

The specific mechanism is as follows: if an account that has never posted cryptocurrency content suddenly starts promoting tokens, the system will automatically trigger a locking and identity verification process. According to further explanations from Bier as quoted by Bitget, he specifically cited a typical scenario: "If you have over 10,000 followers but have never had any history of cryptocurrency-related activity, suddenly starting to promote a meme coin, that is 100% a scam. We will detect this behavior and require verification of account ownership to reduce hijacking incidents."

The core logic of this mechanism is from an economic perspective: the primary goal of hackers stealing accounts is to use their follower base to promote fake tokens; if a stolen account is locked immediately upon posting cryptocurrency content, then the cost-benefit ratio of the entire hacking behavior will drastically worsen, fundamentally dismantling the motivation for wrongdoing.

X's anti-fraud combination

The automatic locking of the first encrypted post is just one aspect of X's anti-fraud strategy.

According to TheStreet's report, users have reflected in Bier's post that scam accounts often tag 50 users at once for spam attacks. Bier responded that this type of bulk tagging behavior "should have been blocked," but from user feedback, it seems that the actual interception effectiveness still has room for improvement.

Additionally, X will increase the monitoring of account hijacking behavior. Stolen accounts publishing scam content are currently one of the main carriers of cryptocurrency scams on the platform. According to Bitget, the new verification system will also target those bot accounts impersonating legitimate cryptocurrency companies, which typically reply under official posts pretending to be customer service personnel to lure victims.

Since joining X as product leader in July 2025, Bier has led multiple rounds of anti-spam actions. In October last year, X cleared 1.7 million bot accounts engaged in reply spam at once; also launched an account transparency tool that publicly displays metadata such as account registration country and username change history. In January this year, X also imposed restrictions on InfoFi-type applications (platforms that monetize information and user interaction), citing that these accounts published a large volume of low-quality content generated by AI and reply spam.

From a timeline perspective, Bier's statement coincides with a scam incident that has attracted widespread attention. According to TradingView citing Cointelegraph, a scammer impersonated the veterinarian responsible for caring for Jonathan, a 193-year-old turtle, to promote a Solana-based meme coin "JONATHAN" on social media; the token surged over 6,000% before quickly crashing. Media such as BBC later exposed the truth behind the scam.

So far, X has not announced a specific launch timeline for the automatic locking function.