Key Takeaways
- X is adding an auto-lock and verification step for accounts that mention crypto for the first time.
- The move targets scam accounts that are hijacked and then pushed into crypto fraud.
- Head of Product Nikita Bier said the feature could remove most of the incentive behind this scam tactic.
- The change is meant to add friction at the moment fraudsters try to weaponize an account.
- The fix helps, but it does not solve phishing and account theft across the whole internet.
X is moving to make crypto scams harder to run on its platform by locking and verifying accounts before they can post about cryptocurrency for the first time. The idea is to stop stolen or newly hijacked profiles from being used as quick launchpads for fraud. According to X head of product Nikita Bier, the change is meant to wipe out most of the reward scammers get from this playbook.
Why X is making this move now
The push follows a familiar pattern. A scammer steals login details, takes over an account, and then starts posting crypto promotions that look legitimate because they come from an established profile. That kind of abuse is especially effective on social platforms, where users often trust accounts that appear real, aged, or previously active. X is trying to block that handoff before the scam message ever reaches the feed.
The trigger for the announcement came from a public case shared by Benjamin White, the founder of prediction market Predictfully. White said a phishing email disguised as a copyright notice led to a stolen login and a rapid takeover of his account. That kind of attack is not flashy, but it is dangerous because it uses ordinary trust signals against users. Once the account is compromised, the scam can spread fast.
How the new crypto scam kill switch works
Under the new approach, an account that has never posted about crypto before may be auto-locked and sent through verification before it can publish that first crypto-related post. That extra step matters because it interrupts the exact moment scammers try to cash in on a hijacked profile. Instead of letting the fraudster move instantly, X adds a checkpoint that should slow them down or stop them completely.
There is also a wider logic behind the feature. Scam operators often rely on speed. They steal access, post quickly, and try to pull victims in before the real owner notices anything is wrong. By forcing verification at the first crypto post, X is not just reacting to the scam after the fact. It is trying to make the scam harder to start in the first place. That is usually where good platform safety design begins.
What it fixes — and what it does not
This is a useful safeguard, but it is not a full solution. The feature appears to focus on accounts that have no history of crypto discussion and then suddenly pivot into it. That means long-running accounts already talking about crypto may not face the same friction. It also means the larger phishing chain still matters, because account theft often begins outside X, in email inboxes and fake login pages.
Bier also pointed to phishing protection as part of the broader problem, saying the company cannot fully control the whole scam pipeline on its own. That is the key takeaway here. Platform-side defenses can reduce damage, but they work best when paired with stronger login hygiene, better email security, and a healthy dose of caution from users. If a crypto post suddenly appears from a familiar account, that should still raise eyebrows.
Beyond this one update, the story says a lot about where online fraud is headed. Scammers are not just making fake accounts anymore. They are hijacking real ones, borrowing trust, and turning reputation into a weapon. X’s new lock-and-verify step is an attempt to break that pattern. It will not end crypto scams, but it could make one of the most common tricks a lot less profitable.
