X Plans Account Locks for First-Time Crypto Posts as Tortoise Memecoin Scam Exposes Platform Vulnerabilities

Social media platform X is weighing new security measures to combat crypto-related phishing attacks, with executives now considering auto-locking accounts that mention cryptocurrency for the first time and requiring identity verification before posting.

Nikita Bier, head of product at the platform formerly known as Twitter, announced the potential crackdown Wednesday following a high-profile scam involving a fake memecoin tied to Jonathan, a 193-year-old tortoise. The incident highlighted how easily bad actors exploit X's open structure to launch cryptocurrency schemes targeting unsuspecting users.

The Jonathan Memecoin Scam: A Case Study in Social Engineering

A scammer impersonated veterinarian Joe Hollins, who actually cares for Jonathan on the British territory of Saint Helena in the Atlantic. The fake account posted that the famous tortoise had died—and immediately promoted a Solana-based memecoin called JONATHAN to supposed mourners. The ruse worked temporarily: CoinMarketCap data showed JONATHAN surging over 6,000% during the social media frenzy before crashing spectacularly. At publication, the token traded at just $0.00007043.

The real Hollins quickly set the record straight. "Jonathan the tortoise is very much alive," he told The Guardian. "I believe on X the person purporting to be me is asking for crypto donations, so it's not even an April fool joke. It's a con."

X's Proposed Defense Against Crypto Scams

Bier's response was blunt about the scale of the problem. His proposed solution: auto-lock accounts mentioning crypto for the first time and demand verification. "This should kill 99% of the incentive, especially since Google isn't doing shit to stop the phishing emails," Bier stated on the platform.

The strategy targets a fundamental vulnerability in how scammers operate on X. They typically create new accounts or compromise existing ones to post malicious links directing users to fake tokens or phishing sites. By requiring verification on first crypto mentions, X aims to raise friction levels that discourage mass-scale attacks.

A Broader Pattern of Memecoin Manipulation

The Jonathan incident isn't isolated. Unauthorized memecoins have proliferated around high-profile figures, including Japanese Prime Minister Sanae Takaichi and US President Donald Trump. Hackers routinely gain access to legitimate X accounts to post fake token launches claiming to "double your money" or requesting crypto donations.

This vulnerability in the crypto ecosystem has become a vector for social engineering attacks. While impersonating an animal's veterinarian to launch a memecoin is admittedly creative, the underlying tactic—exploiting trust and timing to pump a worthless token—remains distressingly common across crypto trading communities.