Elon Musk’s X is rolling out a new “kill switch” aimed squarely at crypto scammers: the platform will automatically lock any account the first time it posts about cryptocurrency, forcing verification before the message goes live. Nikita Bier, X’s head of product, announced the measure on April 1, saying it should remove “99% of the incentive” for one of the site’s most persistent fraud vectors.
Bier’s post came in response to Benjamin White, founder of prediction market Predictfully, who described losing control of his account after falling for a phishing email disguised as a copyright notice. That attack — a fake login page that captured both the password and the two-factor authentication code in real time — is exactly the exploit X intends to interrupt. Hijacked accounts are typically put to immediate use for fake crypto giveaways and promotional scams, a standardized playbook among organized fraud networks on the platform.
X’s auto-lock targets a telltale scam signature: accounts with no history of crypto discussion that suddenly post promotional or transactional crypto content. By blocking such first-time crypto posts and requiring verification, X adds friction at the precise moment hijacked accounts are most valuable to scammers. The measure won’t affect accounts that already have a prior history of discussing cryptocurrency.
The move comes amid a spike in crypto-related fraud on X through 2026. In March, on-chain investigator ZachXBT revealed a coordinated cluster of more than ten accounts using war-related panic posts to funnel victims into fraudulent crypto schemes, reportedly netting six-figure returns. And in September 2025, X exposed a bribery ring in which scammers paid intermediaries to reinstate suspended crypto-fraud accounts — a revelation that led X to pursue legal action.
Bier also flagged a broader weak link: phishing emails delivered by third parties, particularly via Google, which she said hasn’t done enough to stop the trick. While the auto-lock can block much of the downstream abuse, X acknowledged it can’t fully eliminate the threat until the phishing problem is addressed at the source.
Read more AI-generated news on: undefined/news
