TLDR
- X plans to automatically lock accounts that refer to cryptocurrencies for the first time.
- Locked out users will need further verification before posting again.
- The move targets compromised accounts used to promote scam codes.
- X says the feature is aimed at reducing cryptocurrency phishing campaigns.
- Critics say legitimate cryptocurrency posts could be flagged for the first time.
The According to statements from X Head of Product Nikita Bier, the platform will automatically close any account that mentions cryptocurrency for the first time in its publication history. The account holder will then need to complete an additional verification process before posting again.
This planned action comes as crypto-phishing campaigns continue to target social media users, especially on large platforms, where compromised accounts can quickly reach wide audiences. In many cases, attackers take control of created profiles and use their credibility to promote scam codes, fake airdrops, or links to fraudulent websites. By limiting first-time cryptocurrency posts from accounts with no prior history on the topic, X aims to make hijacked profiles less useful to scammers.
Nikita Beer, head of product at pic.twitter.com/hlddg0qlMh
— Wu Blockchain (@WuBlockchain) April 2, 2026
Pierre said the feature is designed to remove the main incentive behind these attacks. He made this comment in response to a user account describing how a phishing email disguised as a copyright notice led to a stolen login session. The user said the attacker used a fake login page that closely resembled the real one, collected two-factor authentication codes, and then took over the account to promote fraudulent cryptocurrency content.
New rule targets a common fraud method
Crypto scams Its promotion through hacked social media accounts has been active for years and remains among the most visible threats to online retail users. One widely used method is the “double your money” scheme, where victims are asked to send cryptocurrency with the false promise of receiving a larger amount in return. Other scams promote fake meme coins, token launches, and fake airdrops designed to extract wallet credentials or direct payments.
Impersonation also remains a big part of the problem. Attackers often create or take over accounts that appear to be owned by public figures, companies, or well-known members of the cryptocurrency industry. These accounts may share links that appear legitimate, but instead lead users to phishing pages or fraudulent token offers. Since cryptocurrency transactions usually cannot be reversed, losses from these schemes are often permanent once the funds are transferred.
X has introduced other steps to combat abuse in recent years, including bot takedowns, stricter API controls, and systems that monitor suspicious behavior. The new auto-locking feature expands these efforts by focusing on sudden changes in posting behavior. An account that suddenly starts discussing cryptocurrencies for the first time may now face temporary restrictions until the platform confirms the user’s identity.
The verification procedure may affect some legitimate users
This approach aims to disrupt fraudulent campaigns before they spread, but may also impact legitimate users posting about digital assets for the first time. Some critics said the rule could lead to false positives if normal user activity is treated as suspicious by default. This concern may be especially relevant during periods of strong market interest, when new users often begin discussing cryptocurrency topics.
Supporters of the change say the additional verification is a practical step given the volume of account takeovers linked to fraudulent promotions. Temporary locking may slow malicious activity at the point where attackers are trying to use a trusted profile to attract attention and build credibility. For platforms dealing with fast-moving financial scams, speed is often key to limiting exposure.
Bear also criticized Google for… Phishing emailsSaying that email service providers share responsibility when phishing messages reach users and lead to credential theft. His comments linked the account takeover problem to broader vulnerabilities in phishing prevention that extend beyond social media platforms.
