X's New 'Scam Kill Switch': First-Time Crypto Posters Get Auto-Locked
X is rolling out a new security measure to shut down the rampant crypto phishing attacks that plague the platform. The company will now auto-lock any account that mentions cryptocurrency for the first time ever, according to Head of Product Nikita Bier. Users caught by this filter will need to pass additional verification before posting again. It's like making your grandma pass a DeFi quiz before she can tell you about Bitcoin at Thanksgiving dinner.
Bier didn't mince words: "This should kill 99% of the incentive," he wrote, referring to the current wave of phishing attacks that hijack accounts to push scam tokens. Apparently, the remaining 1% will keep grinding because, well, that's just how degens are built.
The feature was unveiled after an X user shared a detailed account of losing control of their account through a phishing email disguised as a copyright violation notice. The attacker used a pixel-perfect fake login page to harvest two-factor codes, then locked the user out and started promoting fraudulent crypto projects from their compromised account. Honestly, these phishing pages are getting so good you'd swipe right on them.
These attacks have been endemic on X since long before Elon Musk took over. The classic "double your money" scam remains popular, tricking users into sending crypto with promises of returns. Nothing says "trust me bro" quite like a reply guy promising 10x gains in a thread. Fake memecoins and fraudulent airdrops also run wild, often boosted by hijacked accounts to appear legitimate.
Impersonation is a favorite weapon. Scammers spoof major personalities to dupe followers into clicking malicious links mimicking real crypto platforms. Since crypto transactions are irreversible, victims have zero recourse once funds are gone. Unlike TradFi, where you can yell at a banker for six months and maybe get your money back, in crypto you're just rugged with love.
The most notorious incident came in 2020, when hackers breached Twitter's internal systems and took over accounts belonging to Apple, Barack Obama, and Elon Musk. They promoted a fake bitcoin giveaway, netting over $100,000 before the posts were removed. The perpetrator got five years. Meanwhile, the guy who bought a pizza with 10,000 BTC is out here living his best life, so really, who's the real criminal here?
X has tried bot purges, API restrictions, and behavioral detection. This latest move goes after the root problem by making hijacked accounts useless for scammers. Bier also pointed fingers at Google, accusing the tech giant of failing to block phishing emails at the source. Because if there's one thing big tech loves, it's passing the accountability volleyball while phishing sites serve as the net.