Elon Musk’s IX is rolling out a security feature that will automatically lock any account that mentions cryptocurrency for the first time – requiring additional verification before reposting – a direct response to the many hacking campaigns that use public trust to promote scam tokens.
Summary
- IX Product Head Nikita Bier confirmed the automatic locking feature, saying it targeted the financial motive behind crypto phishing attacks on the platform.
- The move follows an increase in account hijacking incidents, including the April 1 compromise of Predictfully founder Benjamin White’s account, which was used to push fraudulent content and defraud the original owner of $4,000.
- Bier estimates that this feature should remove 99% of the motivation behind current phishing activities and called out Google for failing to block phishing emails at the Gmail level.
Automatic locking starts on the first cryptocurrency-related post of the account. Once activated, the account is locked, and the user must complete verification before regaining access. Bier described it as targeting the main attack vector: hackers gain account access through phishing emails, lock out the original owner, and use the trust established by the account’s followers to promote fake tokens, fake gifts, and memecoins.
“This should kill 99% of the incentive,” Bier wrote in response to a user’s account of how they lost control of their profile in a phishing attack disguised as a copyright infringement notice. The attacker used a fake pixel-perfect login page to harvest user credentials and two-factor authentication codes before locking them out and starting to promote the scam.
What is this for?
Crypto-linked account hacking on X has been a well-documented and ongoing problem since the days of platforms like Twitter. Automatic locking builds on the platform’s previous efforts to eliminate spamming campaigns and coordinated account behavior used in crypto-promotion. Long-time users who have never posted about cryptocurrency will face verification of their first post, while official accounts, Bier pointed out, can gain access quickly through the process.
Bier also publicly criticized Google for allowing phishing emails to reach users through Gmail. “Google doesn’t do shit to stop phishing,” he wrote — setting up automatic locking as a mechanism for an increasingly vulnerable platform level that X can’t directly control.
The US Federal Trade Commission has documented how crypto-communications scams have become a multibillion-dollar problem, where victims are often unable to recover money given the irreversibility of on-chain transfers. This structural fact is what makes hijacked accounts with followers’ trust so valuable to attackers – and what auto-lock targets by severing the link between account access and making quick money through crypto promotion.
Limitations
Critics have raised the alarm that the move only intervenes after an account has already been compromised by a phishing attack. If email providers don’t better filter phishing emails at the top, the chain of attacks remains the same. This feature could also create a conflict in the first legitimate crypto posts from established accounts, although Bier indicated that the verification process would be shorter for real users.
As widespread crypto hacking and phishing losses have shown improvement in recent months – with February 2026 recording the lowest monthly value since March 2025 – this week’s $285 million Drift Protocol exploit is a stark reminder that the topic’s risks remain high. X’s new feature addresses one specific and advanced attack vector within the largest crypto-related fraud ecosystem.
