X Will Auto-Lock Accounts the First Time They Post About Crypto

X is implementing a new security layer that automatically locks any account the moment it posts about cryptocurrency for the first time in its history. The account owner will then need to complete identity verification before the post goes through or before the account can continue operating. The measure was confirmed by X Head of Product Nikita Bier on April 1, 2026, in direct response to a surge in phishing attacks hitting the platform.

The feature represents one of the most direct product-level responses X has made to the long-running crypto scam problem. Rather than reacting after an account has already been used to push fraudulent content, the system intercepts the action at the moment of the first crypto mention, forcing a verification checkpoint before any damage can be done.

How the System Works and Why It Targets First-Time Posters

The logic behind the auto-lock approach is based on a clear behavioral pattern that scammers consistently follow. Attackers gain access to established accounts through phishing attacks, then pivot those accounts toward crypto promotion. Accounts with no prior history of posting about crypto suddenly promoting meme coins or token launches are an almost certain indicator of account takeover.

Nikita Bier outlined the specific risk scenario the feature is designed to catch. If an account with more than 10,000 followers has no prior crypto activity and suddenly launches a post promoting a meme coin, that account will be flagged immediately and held for verification. Bier stated directly that an account with that profile "is always a scam," and that the system will detect it and require verification of account ownership to reduce hijacking attempts.

The trigger mechanism also targets bot accounts that impersonate legitimate crypto companies by replying to users' posts to lure them toward phishing links. These accounts have historically been created quickly, inflated with fake followers, and deployed under official posts to pass themselves off as credible representatives. The verification step is intended to make that process significantly harder to execute at scale.

Phishing Emails as the Entry Point

The immediate trigger for the policy came from a wave of phishing attacks using fake copyright emails. One documented case involved Predictfully founder Benjamin White, who received what appeared to be an official notice from X about a copyright infringement. The email matched X's formatting and tone closely enough to trigger concern, and after clicking the link, he entered his credentials and two-factor authentication code on a site that was a copy of the real X login page. His account was then taken over and used to promote fraudulent crypto content.

Bier acknowledged the phishing email problem in his public statement but pointed responsibility partly at Google, saying Gmail is failing to filter out these deceptive messages before they reach users. He said the new auto-lock system is designed to cut off the attack chain at the point of posting, even if the phishing email itself gets through, because the economic incentive behind account hijacking disappears once the first crypto post triggers a lock.

The Wider Pattern of Crypto Account Hijacking

The scale of the problem the feature is targeting is significant. X has faced repeated waves of compromised accounts being used to push fraudulent tokens and fake airdrops. One well-documented incident involved Canadian rapper Drake's account being used to pump a memecoin called ANITA to $5 million in trading volume. The Cardano Foundation account was also hacked and used to post fake news about an SEC lawsuit and launch a counterfeit token.

These cases illustrate how the tactic exploits the trust audiences have built with verified or well-known accounts. When a high-follower account with a strong reputation suddenly promotes a token, a portion of its audience follows based on that trust alone. The new policy is designed to neutralize that dynamic by removing the window between account takeover and successful crypto promotion.

In late 2025, X had already dismantled a bribery network linked to crypto scam accounts, where suspended users allegedly paid intermediaries to restore handles previously used for scam activity. The auto-lock feature builds on that crackdown with a prevention-focused layer that does not depend on after-the-fact enforcement.

Community Response and Implications for Web3

Reaction to the announcement has been divided. Supporters see it as a necessary step to clean up a platform that has long struggled with scam bots and phishing campaigns. Critics have raised concerns about overreach, pointing out that legitimate users posting about crypto for the first time could face unexpected friction and potential false positives.

Bier addressed the broader tension directly, stating that he wants crypto to grow on X but drew a clear line against tools and products that create incentives to spam, raid, and harass. His framing positions the auto-lock system not as an anti-crypto measure but as an attempt to protect the platform's usefulness for legitimate crypto communities, including web3 projects, game developers, and token communities that rely on X as a primary communication channel.

For blockchain gaming projects and web3 game studios that depend on X for token announcements, NFT launches, and community building, the verification requirement will add a step to posting crypto-related content for accounts without prior activity in the space. The practical effect on legitimate users remains to be seen, but the target is clear: eliminate the economic payoff for account hijacking before it reaches the audience.