X is responding to a surge in crypto scams and phishing activity, according to Head of Product Nikita Bier. Here is the key context and why it matters for users.

Nikita Bier Says X Is Responding to Rising Crypto Scams and Phishing

Nikita Bier says X is building automatic account locks and ownership checks for accounts that talk about cryptocurrency for the first time, as the platform tries to blunt phishing-led takeovers that are later used to push scam tokens, fake announcements, and other opportunistic promotions.

What Nikita Bier Said About X’s Response

In an April 1, 2026 post, X Head of Product Nikita Bier said the company was implementing auto-locking and verification when a user posts about cryptocurrency for the first time in the history of that account.

Yeah we’re aware.

We are in the process of implementing auto-locking + verification if a user posts about cryptocurrency for the first time in the history of their account.

This should kill 99% of the incentive, especially since Google isn’t doing shit to stop the phishing…

— Nikita Bier (@nikitabier) April 1, 2026

In the same post, Bier said the change should remove 99% of the incentive for attackers and explicitly connected the abuse pattern to phishing emails that compromise established accounts before those accounts suddenly promote crypto.

Bier sharpened that heuristic in a separate April 2, 2026 follow-up, saying that if an account with more than 10,000 followers abruptly drops a meme coin despite no earlier connection to crypto, X will require verification that the real owner still controls the profile.

That framing matters because it describes a feature under development rather than a live rollout. Neither Bier’s posts nor Decrypt’s follow-up reporting included a launch date, rollout scope, or technical specification for how the auto-locking workflow will operate.

How the Planned Check Fits X’s Existing Policy

X already had a policy basis for this direction before Bier’s posts. The platform’s April 2025 Authenticity policy bans phishing scams and separately prohibits malicious or deceptive links designed to steal credentials or compromise a person’s privacy.

The same Authenticity policy says enforcement can include warnings, reach restrictions, suspensions, and account locks that force suspicious users to complete extra checks, so the planned crypto trigger would extend tools X already uses rather than create a wholly separate enforcement category.

Decrypt linked Bier’s posts to a recent incident in which a false death hoax around Jonathan the tortoise was later used to market a Solana meme coin, illustrating the hacked-or-impersonated-account pattern X says it wants to interrupt.

Why Crypto Phishing on Social Platforms Is a Security Issue

Scams and phishing overlap but are not identical. A scam is the fraudulent pitch itself, while phishing is the credential-theft step that lets an attacker hijack a trusted account and use that reputation to distribute the scam. Recent security analysis across crypto, including Ledger CTO Says Drift Attack Method Matches Bybit Hack, shows why platforms are focusing on the takeover path rather than only the final token promotion.

That is especially relevant on social platforms because compromised accounts already have followers, message history, and audience trust. Bier’s first-time crypto posting rule is effectively a behavioral tripwire aimed at accounts whose publishing pattern suddenly changes after a takeover.

Bier also framed the move as a response to rising abuse, but claims of a broader surge in crypto scams on X remain unconfirmed because X has not published platform-wide incident data. Even so, the policy direction fits a broader climate in which platforms face pressure to show tighter controls around speculative products and user harm, a theme that also runs through Illinois Prediction Market Lawsuit Hits Kalshi, Polymarket.

Reaction and the Risk of False Positives

Immediate reaction was split, with Yahoo Tech’s item carrying BeInCrypto reporting noting that some users saw the extra friction as overdue while others warned the approach could drift into censorship or false positives for legitimate newcomers discussing crypto for the first time.

That tradeoff is real because a first-time crypto post is only a signal, not proof of abuse. X will need the ownership check Bier described in his April 2 follow-up to separate hacked profiles from genuine users, especially when security failures and rumor-driven trading already spread quickly across crypto timelines, as seen in episodes such as Drift Loses $285 Million: Fatal Blow to Bear-Market DeFi?.

For now, the clearest takeaway is narrower than some early rewrites suggest: X has signaled a targeted anti-phishing control for first-time crypto posting, but the company has not yet published when the system will go live or how often legitimate accounts may be challenged before posting.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.