X says that it has discovered a bribery campaign to get employees at the company to reactivate accounts associated with crypto scams that the site had taken offline. The company said paid middlemen served as intermediaries, presenting illicit “unban” agreements to employees in charge of enforcement. Legal proceedings are in motion, and the platform adds that it is cooperating with “Relevant Authorities” to mitigate the activity of the network behind these efforts.
The disclosure highlights the escalating sophistication of scam operations, which not only target users but also press on the internal controls of platforms. X did not say whether any bribes were paid or how many members of staff the group had approached.
What X Says It Discovered About Account Reinstatement Bribes
In a public statement, X described an operation where paid “middlemen” were used to petition X for the reversal of bans on accounts previously removed for fraud. The activity, the company said, was not confined to one platform — the same actors had been active on Instagram, TikTok, and YouTube, and even within gaming ecosystems like Minecraft and Roblox, reflecting the cross-platform behavior that is a key reason modern scam campaigns are so resilient.
Reinstating an account is a high-stakes decision on any social platform. If an insider can be persuaded to override a ban, scammers can find a way back in, often with a patina of legitimacy that is difficult for users to spot. That’s why trust-and-safety access controls, approvals, and audit trails have increasingly become a crucial line of defense.
The group believed to be behind the cross-platform bribery scheme
X linked the bribery attempts to an English-speaking group calling itself “The Com,” which has surfaced in federal court filings and investigative reporting. The network of accounts has been linked by researchers to a mix of online harassment, financial fraud, SIM swapping, and high-profile intrusions. It has also been reported to use teenagers to carry out plots, a tactic that can complicate prosecution across multiple jurisdictions and raise uncomfortable questions about culpability and grooming.
Officials have previously attributed serious incidents to individuals associated with “Scattered Spider.” Targets in recent cases, prosecutors said, have included corporate IT systems and public infrastructure, showing that financially motivated crews will readily pivot far away from crypto grifts when there’s leverage on tap.
Why bribery rings are zeroing in on Trust & Safety teams
Insider abuse is among the most effective ways to circumvent platform defenses. There’s long been a school of thought among some researchers at the CERT Division at Carnegie Mellon University that insider threats need different controls than those aimed at outside cyberattacks. For social platforms, that entails partitioning permissions, requiring multi-party approvals for sensitive actions, hardening internal tooling against abuse, and routinely red-teaming internal processes to find bypasses.
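One way to check reinstatement audit trails against the multi-party approval control described above, as an added example that is not from X or the original article. The record fields, policy thresholds, and sample events are assumptions constructed for illustration:

```python
# Added example: audit reinstatement events against a two-person rule.
# Field names, thresholds and sample records are constructed for illustration.
from collections import Counter

REQUIRED_APPROVERS = 2          # assumed policy for fraud-ban reversals
MAX_REVERSALS_PER_REVIEWER = 2  # assumed per-review-window threshold

EVENTS = [  # constructed sample audit-log records
    {"account": "acct-101", "ban_reason": "fraud", "requested_by": "rev_a",
     "approved_by": ["rev_b", "rev_c"], "appeal_ticket": "T-1"},
    {"account": "acct-102", "ban_reason": "fraud", "requested_by": "rev_d",
     "approved_by": ["rev_d"], "appeal_ticket": None},
    {"account": "acct-103", "ban_reason": "fraud", "requested_by": "rev_d",
     "approved_by": ["rev_d", "rev_b"], "appeal_ticket": "T-3"},
    {"account": "acct-104", "ban_reason": "spam", "requested_by": "rev_a",
     "approved_by": ["rev_b"], "appeal_ticket": "T-4"},
    {"account": "acct-105", "ban_reason": "fraud", "requested_by": "rev_d",
     "approved_by": ["rev_b", "rev_c"], "appeal_ticket": "T-5"},
]

def audit_reinstatements(events):
    """Return (per-account findings, reviewers over the reversal threshold)."""
    findings = {}
    reversals = Counter()
    for ev in events:
        if ev["ban_reason"] != "fraud":
            continue  # only fraud-ban reversals fall under the strict rule here
        reversals[ev["requested_by"]] += 1
        # The requester never counts as an approver of their own request.
        independent = set(ev["approved_by"]) - {ev["requested_by"]}
        issues = []
        if len(independent) < REQUIRED_APPROVERS:
            issues.append("insufficient_independent_approvals")
        if not ev["appeal_ticket"]:
            issues.append("no_appeal_ticket")
        if issues:
            findings[ev["account"]] = issues
    outliers = sorted(r for r, n in reversals.items()
                      if n > MAX_REVERSALS_PER_REVIEWER)
    return findings, outliers

if __name__ == "__main__":
    findings, outliers = audit_reinstatements(EVENTS)
    for account, issues in findings.items():
        print(account, ", ".join(issues))
    print("reviewers over threshold:", outliers)
```

The per-reviewer count is deliberately separate from the per-event checks: a reviewer whose reversals each pass the approval rule can still stand out by volume.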
Black-market “unban services” have been circulating on messaging apps for years, with brokers promising to bring suspended accounts back online in exchange for a fee. The offers can range from straight scams (taking a victim’s money and leaving) to efforts to corrupt insiders. All it takes is one successfully paid bribe, and the fraud network can be back on its feet in no time — with forged “verified” profiles, synchronized hype around fake, worthless tokens, and links to drainer sites circulating again within an hour.
The scale and impact of the crypto scam problem today
Crypto fraud is still one of the most lucrative forms of online crime. According to the FBI Internet Crime Complaint Center, investment fraud is the number one category of reported losses, and crypto-related investment frauds represent a significant portion of these. Chainalysis, which monitors illicit blockchain flows, has also reported sudden swings that track market boom-and-bust cycles, along with the explosion of romance-style “pig butchering” schemes and investment pitches aimed at the credulous that start openly on mainstream social platforms before moving the gullible into private channels.
It’s because of these trends that adversaries are eager to regain restricted distribution channels. In crypto’s hype-driven markets, reach is revenue; a resurrected account with a large follower base can be much more valuable than any individual bribe payment.
What happens next for X, enforcement, and user safety
X says it has turned participants over to law enforcement and launched legal proceedings, though critical details remain unrevealed: how many attempts have been detected (if any), and whether any reinstatements actually took place. Look for signals in future transparency reports: counts of insider-abuse investigations, volumes of enforcement actions appealed versus reversed, and any changes to internal approvals for restoring accounts.
Industry-wide cooperation will be essential. Because these groups migrate among the same networks, joint takedowns, shared indicators, and faster cross-company escalation can dull the “whack-a-mole” effect. The advice for users is familiar but crucial:
- Approach flashy token promotions and too-good-to-be-true giveaways with skepticism.
- Verify accounts through multiple sources.
- Keep in mind that no legitimate support team will ask for payment or private keys.
The takeaway is grim: as platforms increase the price of external attacks, fraudsters will probe ever deeper at the humans behind them. Whether X’s legal responses and process changes raise the bar — or merely highlight how much more needs to be done — will turn on just how transparently the company delivers, and how rapidly the wider ecosystem closes ranks.