X Takes Strong Action: First Crypto Post Tweets to Be Automatically Locked, Requiring Identity Verification to Unlock
- Core Viewpoint: To combat rampant crypto scams, X platform will deploy a radical product-level solution: any account's first post containing cryptocurrency content will be automatically locked and require identity verification. This aims to "eliminate 99% of malicious intent" by increasing the operational cost for hackers.
- Key Elements:
- The policy directly targets the current primary scam model: hackers steal high-follower accounts via phishing emails and leverage their credibility to promote fake tokens for quick cash-outs.
- The core logic of this mechanism is economic deterrence, rendering compromised accounts immediately ineffective after posting crypto content, thereby significantly reducing the return on investment for account theft.
- The crypto scam situation is severe. Data shows that on-chain scam fund inflows reached $14 billion in 2025, and phishing attacks alone caused over $311 million in losses in January 2026.
- This policy is part of X platform's comprehensive anti-scam measures. The platform has previously cleaned up millions of spam bot accounts and launched account transparency tools.
- The policy announcement comes against the backdrop of a series of high-profile scam incidents recently, such as the scam where a veterinarian's account was impersonated to promote the "JONATHAN" meme coin, causing investor losses.
Original Author: TechFlow
Odaily Introduction: Nikita Bier, Product Lead at X, announced that the platform is deploying a new mechanism: any account posting cryptocurrency-related content for the first time will be automatically locked and required to undergo identity verification. Bier claims this move will "kill 99% of the incentive" for malicious actors. This policy directly targets the most rampant scam model today: hackers steal accounts via phishing emails and then exploit the trust of the account's followers to promote fraudulent tokens.
Main Text:
Crypto scams have become the most persistent security issue on the X platform, and the platform is preparing to roll out its most aggressive product-level countermeasure to date.
According to a Crypto Briefing report on April 2nd, X Product Lead Nikita Bier announced on April 1st in response to a user who suffered a phishing attack that X is deploying an automatic lock mechanism: when any account posts cryptocurrency-related content for the first time in its history, the system will automatically lock the account and require identity verification. Only after passing verification can the account continue posting.
Bier wrote in the original post: "This should kill 99% of the incentive, especially since Google isn't doing shit to stop the phishing." He also pointed the finger at Google, criticizing its failure to effectively block phishing emails at the Gmail level, stating that X's automatic lock is essentially a remedy for Google's security shortcomings.
Phishing Attacks Become Primary Vector for Crypto Scams, Compromised Accounts Turned into "Pump Tools"
What prompted Bier's statement was the personal experience of Benjamin White, founder of the prediction market platform Predictfully. According to a TheStreet report, White detailed on X on April 1st how his account was compromised: attackers lured him with a phishing email disguised as a copyright infringement notice to click on a fake login page, stealing his login credentials including two-factor authentication codes. The attackers then locked his account and used it to promote a fake crypto project. Even worse, the hackers demanded a $4,000 "ransom" for the account.
This attack model has now become highly industrialized. The typical hacker workflow is: send phishing emails disguised as official notifications (copyright warnings, security alerts, etc.), trick users into entering credentials on meticulously crafted fake login pages, steal the account, immediately post promotions for fake tokens or phishing links, and quickly cash out by exploiting the trust of the original account's followers. Because cryptocurrency transactions are irreversible, once victims fall for the scam, their funds cannot be recovered.
According to Chainalysis's annual crypto crime report released this year, on-chain scam inflows reached at least $14 billion in 2025, a significant increase from $9.9 billion in 2024. CertiK data shows that in January 2026 alone, phishing attacks caused over $311 million in losses, with a single victim losing $284 million due to a social engineering attack.
Turning Compromised Accounts into "Dead Cards"
Bier's strategy targets a key link in this profit chain: rendering compromised accounts completely worthless for crypto promotion.
The specific mechanism is as follows: If an account that has never posted crypto content suddenly starts promoting tokens, the system will automatically trigger a lock and identity verification process. According to further explanations by Bier cited by Bitget, he specifically named a typical scenario: "If you have over 10,000 followers but zero history of crypto activity and suddenly start promoting a meme coin, that's 100% a scam. We'll detect that behavior and require verification of account ownership to reduce hijacking."
The core logic of this mechanism is economic: the primary goal of hackers stealing accounts is to use the follower base to promote fake tokens. If a compromised account gets locked as soon as it posts crypto content, the return on investment for the entire account theft operation deteriorates significantly, undermining the incentive for malicious acts at the source.
X's Anti-Scam Combination Punch
The automatic lock for first-time crypto posts is just one part of X's anti-scam strategy.
According to TheStreet, users commented under Bier's post that scam accounts often @ mention 50 users at once in spam attacks. Bier responded that such bulk mentioning "should already be blocked," but based on user feedback, the actual blocking effectiveness still has room for improvement.
Furthermore, X will increase monitoring for account hijacking. Compromised accounts posting scam content are one of the primary vectors for crypto scams on the platform. According to Bitget, the new verification system will also target bot accounts impersonating legitimate crypto companies. These accounts often reply under official posts, posing as customer service to lure victims.
Since joining X as Product Lead in July 2025, Bier has led multiple rounds of anti-spam campaigns. In October last year, X purged 1.7 million bot accounts engaged in reply spam; in the same month, it launched an account transparency tool publicly displaying metadata like account registration country and username change history. In January this year, X also imposed restrictions on InfoFi-type applications (platforms that monetize information and user interactions), citing that such accounts heavily post low-quality AI-generated content and reply spam.
Timing-wise, Bier's statement coincides with a widely noticed scam incident. According to a TradingView report citing Cointelegraph, a scammer recently impersonated the veterinarian responsible for the health of the 193-year-old tortoise "Jonathan" on social media to promote a Solana-based meme coin "JONATHAN." The token surged over 6000% before rapidly crashing. Media outlets like BBC later exposed the scam.
As of now, X has not announced a specific timeline for the rollout of this automatic lock feature.
