Author：TechFlow

Author: Deep Tide TechFlow

Deep Tide Guide:Nikita Bier, product lead at platform X, announced that the platform is deploying a new mechanism: any account that posts cryptocurrency-related content for the first time will be automatically locked and require identity verification, a move she claims will "eliminate 99% of malicious intent." This policy directly targets one of the most rampant scams: hackers steal accounts via phishing emails and then exploit the trust of their followers to promote fake tokens.

text:

Crypto fraud has become the most persistent security problem on the X platform, and the platform is preparing to implement its most radical product-level solution to date.

According to Crypto Briefing on April 2, Nikita Bier, the product manager of X, announced on April 1 in response to a user who had experienced a phishing attack on the X platform that X is deploying an automatic locking mechanism: when any account posts cryptocurrency-related content for the first time in its history, the system will automatically lock the account and require identity verification before it can continue posting.

In his original post, Bier wrote, "This should kill 99% of the incentive, especially since Google isn't doing shit to stop the phishing." He also pointed the finger at Google, criticizing its failure to effectively block phishing emails at the Gmail level, saying that X's automatic locking is essentially a remedy for Google's security shortcomings.

Phishing attacks have become a major tool for cryptocurrency scams, with stolen accounts being used as "crypto-pushing tools."

What triggered Bier's statement was a personal experience shared by Benjamin White, founder of the prediction market platform Predictfully. According to TheStreet, on April 1st, White detailed on the X platform how his account was hacked: attackers lured him into clicking on a fake login page disguised as a copyright infringement notice, stealing his login credentials, including two-factor authentication, then locking his account and using it to promote a fake crypto project. Even worse, the hackers demanded a $4,000 "ransom" for his account.

This attack pattern is now highly industrialized. A typical hacker's procedure involves sending phishing emails disguised as official notifications (copyright warnings, security alerts, etc.), tricking users into entering credentials on a meticulously crafted login page, stealing the account, and immediately posting fake token promotions or phishing links to quickly cash out using the original account's existing customer trust. Because cryptocurrency transactions are irreversible, once a victim falls for the scam, their funds cannot be recovered.

According to Chainalysis' annual crypto crime report, on-chain fraud funds will reach at least $14 billion in 2025, a significant increase from $9.9 billion in 2024. CertiK data shows that in January 2026 alone, phishing attacks caused over $311 million in losses, with a single victim losing $284 million due to social engineering attacks.

The stolen account was rendered useless.

Bier's strategy targets a key link in this profit chain: rendering stolen accounts completely worthless in the context of crypto promotion.

The specific mechanism is as follows: If an account that has never published any crypto content suddenly starts promoting a token, the system will automatically trigger a lockout and identity verification process. According to Bitget, citing Bier's further explanation, he specifically named a typical scenario: "If you have over 10,000 followers but have never had any crypto-related activity history, and suddenly start promoting a meme coin, that's 100% a scam. We will detect this behavior and require verification of account ownership to reduce hijacking."

The core logic of this mechanism is based on economics: the primary purpose of hackers stealing accounts is to use their fan base to promote fake tokens. If the stolen accounts are locked as soon as they publish encrypted content, the return on investment of the entire account theft will be greatly reduced, thus undermining the motive for wrongdoing at its source.

X's Anti-Fraud Combination

Automatically locking the first encrypted post is just one part of X's anti-fraud strategy.

According to TheStreet, some users reported in the comments section of Bier's post that scam accounts frequently @tag 50 users at once to launch spam attacks. Bier responded that this type of bulk tagging "should already be blocked," but based on user feedback, there is still room for improvement in the actual blocking effectiveness.

Furthermore, X will increase its monitoring of account hijacking. Stolen accounts posting fraudulent content are one of the most prevalent forms of crypto scams on the platform. According to Bitget, the new verification system will also target bot accounts impersonating legitimate crypto companies; these accounts typically reply to official posts, posing as customer service representatives to lure victims.

Since joining X as Product Manager in July 2025, Bier has spearheaded multiple anti-spam campaigns. Last October, X eliminated 1.7 million bot accounts engaged in replying to spam messages; in the same month, it launched an account transparency tool that publicly displays metadata such as the account's registered country and username change history. This January, X also imposed restrictions on InfoFi-like applications (platforms that monetize information and user interactions) because these accounts were posting a large amount of low-quality AI-generated content and replying to spam messages.

From a timing perspective, Bier's statement coincided with a widely publicized scam. According to TradingView, citing Cointelegraph, a scammer recently impersonated a veterinarian caring for the 193-year-old tortoise "Jonathan," promoting a Solana-based meme coin called "JONATHAN" on social media. The token initially surged by over 6000% before quickly collapsing. The BBC and other media outlets subsequently exposed the scam.

As of now, X has not announced a specific timeline for the rollout of this auto-lock feature.