Issue #1
Frontier Watch #1 — Drainer signatures, fake-support DMs, and the 'recovery' second hit
The first dated issue of the un-bought Frontier Watch. Patterns currently in circulation, one approval-exploit mechanism dissected, one tool re-checked, and one myth killed — all pattern education with cited primary sources, never accusations against named parties.
Scam patterns currently in circulation
Pattern education, not accusations: each item describes a reproducible mechanism with a cited primary source — we never name and accuse an unproven entity.
Wallet-drainer 'claim / migrate / verify' approval prompts
How it works: A lookalike site or pop-up tells you to 'claim an airdrop', 'migrate your tokens', or 'verify your wallet'. The button does not move funds — it asks you to sign an approval (an ERC-20 allowance or set-approval-for-all) that lets a stranger's contract pull your tokens later, at a time of their choosing.
The tell: The wallet pop-up is an approval/permission request, not a plain send. Legitimate 'claims' almost never need blanket approval over your existing tokens or NFTs.
Verify like this: Read the signature request. If it says approve, permit, or setApprovalForAll for an unfamiliar contract, reject it. Review and revoke existing approvals on a block explorer's token-approval tool before you ever interact with a new site.
Primary source: What To Know About Cryptocurrency and Scams (Federal Trade Commission)
Fake-support DMs after you post a problem in public
How it works: You post 'my transaction is stuck' or 'app won't load' in a public channel. Within minutes, an account using the project's logo direct-messages you 'support'. Real support is not a DM; the goal is to walk you toward a seed phrase, a remote-desktop session, or a 'validation' deposit.
The tell: Unsolicited DM, urgency, and at some point a request for your seed phrase, a screen-share, or a small 'unlock' payment. No legitimate support ever needs your seed phrase.
Verify like this: Never act on a DM. Close it, find the official support channel from the project's verified site, and start there yourself. Your seed phrase never leaves paper.
Primary source: Investor Alert: Fraudulent Digital Asset and Crypto Trading Websites (CFTC and SEC investor education offices)
'Recovery' offers that hit victims a second time
How it works: After a loss, an account or 'agency' promises to recover your stolen crypto for an up-front fee or by 'reconnecting' your wallet. The recovery is the second scam: the pattern targets people who have already lost funds and are desperate.
The tell: Up-front fee, guaranteed recovery, a request to connect or 'import' your wallet, or a demand for personal documents. Genuine recovery is rare and never guaranteed.
Verify like this: Report to official channels (your country's fraud reporting body; in the US, the FBI IC3). Do not pay anyone who guarantees recovery or asks you to connect a wallet.
Primary source: Public Service Announcement: Cryptocurrency Recovery Scams (FBI Internet Crime Complaint Center (IC3))
Long-game 'pig butchering' relationship-to-investment funnels
How it works: A friendly contact builds rapport over weeks (dating app, wrong-number text, social DM), then introduces a 'great' trading or yield platform. Early small withdrawals work to build trust; larger deposits cannot be withdrawn, and a 'tax' or 'fee' is demanded to release them.
The tell: A relationship that pivots to a specific investment platform, withdrawals that work small but fail large, and a release 'fee'. The platform exists only to take deposits.
Verify like this: Treat any investment introduced by a new online contact as a scam by default. A platform that demands a fee before letting you withdraw is the tell — your money is already gone.
Primary source: 2024 Internet Crime Report (FBI Internet Crime Complaint Center (IC3))
One drainer / approval-exploit, dissected
Dissected: how a 'set-approval-for-all' signature drains an NFT wallet
Mechanism: On EVM chains, setApprovalForAll(operator, true) grants one address blanket permission to transfer every token in a collection you hold. A drainer dApp presents a benign-looking action ('enable trading', 'verify ownership') whose underlying call is exactly this. Once signed, the operator contract can sweep the approved tokens whenever it likes — the drain transaction can come hours or days after you signed.
Why it works: Approval and transfer are separated in time, so nothing visibly leaves your wallet at signing. The prompt's plain action label hides the contract-level meaning, and most wallets show the function name, not its consequence in words a beginner reads.
Defense: Before signing, read the method: approve, permit, permit2, or setApprovalForAll over your assets means STOP unless you fully trust the contract. Periodically review and revoke approvals via a block-explorer token-approval tool. Keep high-value holdings in a wallet you never connect to dApps.
Primary source: Ethereum wallets (Ethereum.org)
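The "read the method" defense above, as an added example that is not part of the original newsletter: it decodes the 4-byte function selector and arguments of a pending transaction's calldata and names the approval type, including the case where the same method is a harmless revocation. The function names, verdict labels and sample operator address are constructed for illustration.

```javascript
// Added example, not the newsletter's code. Classifies raw EVM calldata by its
// 4-byte selector so the approval type is named in plain words.
const MAX_UINT256 = (1n << 256n) - 1n;
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address,uint256)
  "a22cb465": "setApprovalForAll", // setApprovalForAll(address,bool)
  "d505accf": "permit",            // EIP-2612 permit(owner,spender,value,deadline,v,r,s)
  "a9059cbb": "transfer",          // transfer(address,uint256)
};

// After the selector, each ABI argument is one 32-byte word (64 hex chars).
function word(args, i) {
  const w = args.slice(i * 64, (i + 1) * 64);
  if (w.length !== 64) throw new Error("truncated calldata");
  return w;
}
const asAddress = (w) => "0x" + w.slice(24);
const allowanceVerdict = (amount) =>
  amount === 0n ? "revocation"
    : amount === MAX_UINT256 ? "unlimited-allowance" : "bounded-allowance";

function classifyCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]+$/.test(hex)) {
    return { method: "invalid", verdict: "reject" };
  }
  const method = SELECTORS[hex.slice(0, 8)] || "unknown";
  const args = hex.slice(8);
  try {
    if (method === "setApprovalForAll") {
      const granted = BigInt("0x" + word(args, 1)) !== 0n;
      return { method, grantee: asAddress(word(args, 0)),
               verdict: granted ? "blanket-approval" : "revocation" };
    }
    if (method === "approve") {
      return { method, grantee: asAddress(word(args, 0)),
               verdict: allowanceVerdict(BigInt("0x" + word(args, 1))) };
    }
    if (method === "permit") {
      return { method, grantee: asAddress(word(args, 1)),
               verdict: allowanceVerdict(BigInt("0x" + word(args, 2))) };
    }
  } catch (e) {
    return { method, verdict: "reject" }; // malformed arguments: do not sign
  }
  return { method, verdict: method === "transfer" ? "plain-send" : "unknown" };
}

// Constructed sample: setApprovalForAll(0x1111...1111, true)
const SAMPLE_OPERATOR = "11".repeat(20);
const SAMPLE_SET_APPROVAL =
  "0xa22cb465" + SAMPLE_OPERATOR.padStart(64, "0") + "1".padStart(64, "0");
```

A "revocation" verdict (approve with amount 0, or setApprovalForAll with false) is the call a token-approval tool sends when you revoke, so the method name alone does not decide the risk.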
One tool / venue, re-checked
Our wallet-safety self-check and the approval-revocation guide
What we re-checked: We re-walked our own wallet-safety score and token-approval-revocation guide against the current crop of drainer prompts to confirm the steps still match what a beginner sees in 2026 wallets.
Finding: The guidance holds: the highest-leverage habit is still 'read the signature type, revoke stale approvals'. The drainer surface has shifted toward permit/permit2 gasless signatures, which our guide already flags.
What changed: We added emphasis that a gasless 'signature' (no network fee) can still authorize a drain — the absence of a fee is not proof an action is safe.
Primary source: Ethereum wallets (Ethereum.org)
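The point about gasless permit/permit2 signatures, as an added example that is not part of the original newsletter: it inspects an EIP-712 typed-data signing request and lists the token-spending rights the signature would grant even though no transaction is sent. The function name, verdict labels, the "unlimited" threshold and every address in the sample are assumptions made for illustration.

```javascript
// Added example, not the newsletter's code. Inspects an EIP-712 typed-data
// request (the payload behind a gasless "signature" prompt) and lists the
// token-spending rights it would grant. No transaction or fee is involved.
const HUGE = (1n << 160n) - 1n; // Permit2's uint160 maximum; heuristic for "unlimited"

function describeTypedData(request) {
  const { primaryType, domain = {}, message = {} } = request || {};
  const grants = [];
  const add = (token, amount) => grants.push({
    token, spender: message.spender, unlimited: BigInt(amount) >= HUGE });
  const each = (x) => (x === undefined ? [] : [].concat(x)); // object or array
  try {
    if (primaryType === "Permit") {
      // EIP-2612: the token contract is the EIP-712 verifyingContract.
      add(domain.verifyingContract, message.value);
    } else if (primaryType === "PermitSingle" || primaryType === "PermitBatch") {
      // Permit2 allowance: details is one object (single) or an array (batch).
      for (const d of each(message.details)) add(d.token, d.amount);
    } else if (primaryType === "PermitTransferFrom" ||
               primaryType === "PermitBatchTransferFrom") {
      // Permit2 signature transfer: permitted is one object or an array.
      for (const p of each(message.permitted)) add(p.token, p.amount);
    }
  } catch (e) {
    return { primaryType, verdict: "reject", grants: [] }; // malformed fields
  }
  // An unrecognised type is not proven safe; it is only not a known permit.
  return { primaryType, verdict: grants.length ? "grants-spending" : "unknown", grants };
}

// Constructed sample request: every address and value below is made up.
const SAMPLE_PERMIT2 = {
  primaryType: "PermitSingle",
  domain: { name: "Permit2", chainId: 1, verifyingContract: "0x" + "22".repeat(20) },
  message: {
    details: { token: "0x" + "aa".repeat(20), amount: String((1n << 160n) - 1n),
               expiration: "1790000000", nonce: "0" },
    spender: "0x" + "11".repeat(20),
    sigDeadline: "1790000000",
  },
};
```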
One myth, killed
"A real recovery service can reverse a crypto theft if you pay them first."
Reality: On-chain transfers are final; there is no central operator who can claw them back. Services that guarantee recovery for an up-front fee are, in the pattern data, overwhelmingly a second scam aimed at people who already lost funds.
Why the myth persists: Loss makes people hopeful and rushed, and a confident 'we can get it back' answers exactly the wish a victim has. That emotional fit — not any technical reality — is what keeps the pattern profitable.
Primary source: Public Service Announcement: Cryptocurrency Recovery Scams (FBI Internet Crime Complaint Center (IC3))