Key Points
- First-time cryptocurrency posts on X will trigger automatic account suspension pending verification
- The security measure aims to stop phishing schemes where attackers compromise accounts to spread fake token promotions
- Product Director Nikita Bier claims this approach should eliminate “99% of the incentive” behind such attacks
- The implementation comes after numerous fraudulent copyright notices were used to capture user credentials and authentication codes
- X leadership has also pointed fingers at Google for inadequate phishing email protection through Gmail
Elon Musk’s social media platform X is implementing a new protective mechanism that will immediately suspend accounts posting about cryptocurrency for the first time. Users must go through a verification procedure before regaining posting privileges.
Nikita Bier, who serves as X’s Product Director, announced the initiative on the platform itself. He explained that the primary objective is to eliminate the profitability of account takeovers used specifically for cryptocurrency fraud.
“This should kill 99% of the incentive,” Bier stated, addressing the ongoing phishing campaign affecting X’s user base.
The announcement followed a user’s public account of losing access to their account after receiving a deceptive email that mimicked a copyright infringement warning. The perpetrator used a counterfeit login page to capture the victim’s account credentials and two-factor authentication information.
After gaining entry, the attacker prevented the legitimate owner from accessing their account and began distributing fraudulent cryptocurrency schemes to the account’s audience.
Understanding the Attack Method
These security breaches share common characteristics. An attacker gains control of an account, then leverages it to distribute counterfeit memecoins, bogus airdrops, or cryptocurrency doubling schemes. The established reputation of a genuine account increases the likelihood of follower engagement.
Cryptocurrency transfers are irreversible by design, leaving victims with no recourse to retrieve stolen funds after transmission.
The most notorious incident of this attack type occurred in 2020. Cybercriminals penetrated Twitter’s administrative systems and commandeered verified profiles including Apple, Barack Obama, and Elon Musk.
These compromised accounts promoted a fraudulent Bitcoin giveaway that accumulated more than $100,000 before removal. The perpetrator ultimately received a five-year prison sentence.
Platform-Wide Security Enhancements
X has maintained ongoing efforts to combat fraudulent operations. Previous initiatives included automated bot elimination campaigns, stricter API restrictions, and enhanced pattern recognition systems.
Toward the end of 2025, X announced the dismantling of a corruption scheme involving cryptocurrency scam operations. Banned users reportedly attempted to compensate middlemen to bribe X employees for account reinstatement.
The newly introduced auto-suspension mechanism extends these efforts by intercepting scams at their origin point. When compromised accounts cannot discuss cryptocurrency without triggering security protocols, their utility to criminals diminishes significantly.
Bier emphasized his support for authentic cryptocurrency discussions on X, distinguishing them from schemes that “create incentives to spam, raid, and harass.”
He also called out Google specifically, arguing that Gmail’s spam filters are failing to block phishing attempts before they reach user mailboxes and suggesting that the technology company shares accountability.
The auto-suspension capability remains in development with a launch anticipated in the near future.



