The un-bought heartbeat

Frontier Watch

The one watch barred from touching your money — so the only one with no reason to lie to you. A dated, archived record of the crypto scam patterns currently in circulation, plus one approval-exploit dissected, one tool re-checked, and one myth killed. Every item is pattern education backed by a cited primary source, never an accusation against a named party.

Published bi-weekly — on the web first, then to the Dispatch. We started bi-weekly on purpose: a stale tracker is worse than none, so we prove the cadence before promising more.

Prefer a reader? This page is the web home of the Dispatch and is RSS-friendly — subscribe via our RSS feed or get each issue by email below. Every issue is published here first, then sent.

Issue #1 ·

Frontier Watch #1 — Drainer signatures, fake-support DMs, and the 'recovery' second hit

The first dated issue of the un-bought Frontier Watch. Patterns currently in circulation, one approval-exploit mechanism dissected, one tool re-checked, and one myth killed — all pattern education with cited primary sources, never accusations against named parties.

Scam patterns currently in circulation

Pattern education, not accusations: each item describes a reproducible mechanism with a cited primary source — we never name and accuse an unproven entity.

Wallet-drainer 'claim / migrate / verify' approval prompts

How it works: A lookalike site or pop-up tells you to 'claim an airdrop', 'migrate your tokens', or 'verify your wallet'. The button does not move funds — it asks you to sign an approval (an ERC-20 allowance or set-approval-for-all) that lets a stranger's contract pull your tokens later, at a time of their choosing.

The tell: The wallet pop-up is an approval/permission request, not a plain send. Legitimate 'claims' almost never need blanket approval over your existing tokens or NFTs.

Verify like this: Read the signature request. If it says approve, permit, or setApprovalForAll for an unfamiliar contract, reject it. Review and revoke existing approvals on a block explorer's token-approval tool before you ever interact with a new site.

Primary source: What To Know About Cryptocurrency and Scams (Federal Trade Commission)

Read the full guide

Fake-support DMs after you post a problem in public

How it works: You post 'my transaction is stuck' or 'app won't load' in a public channel. Within minutes, an account using the project's logo direct-messages you 'support'. Real support is not a DM; the goal is to walk you toward a seed phrase, a remote-desktop session, or a 'validation' deposit.

The tell: Unsolicited DM, urgency, and at some point a request for your seed phrase, a screen-share, or a small 'unlock' payment. No legitimate support ever needs your seed phrase.

Verify like this: Never act on a DM. Close it, find the official support channel from the project's verified site, and start there yourself. Your seed phrase never leaves paper.

Primary source: Investor Alert: Fraudulent Digital Asset and Crypto Trading Websites (CFTC and SEC investor education offices)

Read the full guide

'Recovery' offers that hit victims a second time

How it works: After a loss, an account or 'agency' promises to recover your stolen crypto for an up-front fee or by 'reconnecting' your wallet. The recovery is the second scam: pattern targets people who already lost funds and are desperate.

The tell: Up-front fee, guaranteed recovery, a request to connect or 'import' your wallet, or a demand for personal documents. Genuine recovery is rare and never guaranteed.

Verify like this: Report to official channels (your country's fraud reporting body; in the US, the FBI IC3). Do not pay anyone who guarantees recovery or asks you to connect a wallet.

Primary source: Public Service Announcement: Cryptocurrency Recovery Scams (FBI Internet Crime Complaint Center (IC3))

Read the full guide

Long-game 'pig butchering' relationship-to-investment funnels

How it works: A friendly contact builds rapport over weeks (dating app, wrong-number text, social DM), then introduces a 'great' trading or yield platform. Early small withdrawals work to build trust; larger deposits cannot be withdrawn, and a 'tax' or 'fee' is demanded to release them.

The tell: A relationship that pivots to a specific investment platform, withdrawals that work small but fail large, and a release 'fee'. The platform exists only to take deposits.

Verify like this: Treat any investment introduced by a new online contact as a scam by default. A platform that demands a fee before letting you withdraw is the tell — your money is already gone.

Primary source: 2024 Internet Crime Report (FBI Internet Crime Complaint Center (IC3))

Read the full guide

One drainer / approval-exploit, dissected

Dissected: how a 'set-approval-for-all' signature drains an NFT wallet

Mechanism: On EVM chains, setApprovalForAll(operator, true) grants one address blanket permission to transfer every token in a collection you hold. A drainer dApp presents a benign-looking action ('enable trading', 'verify ownership') whose underlying call is exactly this. Once signed, the operator contract can sweep the approved tokens whenever it likes — the drain transaction can come hours or days after you signed.

Why it works: Approval and transfer are separated in time, so nothing visibly leaves your wallet at signing. The prompt's plain action label hides the contract-level meaning, and most wallets show the function name, not its consequence in words a beginner reads.

Defense: Before signing, read the method: approve, permit, permit2, or setApprovalForAll over your assets means STOP unless you fully trust the contract. Periodically review and revoke approvals via a block-explorer token-approval tool. Keep high-value holdings in a wallet you never connect to dApps.

Primary source: Ethereum wallets (Ethereum.org)

Guide: revoke risky approvals

One tool / venue, re-checked

Our wallet-safety self-check and the approval-revocation guide

What we re-checked: We re-walked our own wallet-safety score and token-approval-revocation guide against the current crop of drainer prompts to confirm the steps still match what a beginner sees in 2026 wallets.

Finding: The guidance holds: the highest-leverage habit is still 'read the signature type, revoke stale approvals'. The drainer surface has shifted toward permit/permit2 gasless signatures, which our guide already flags.

What changed: We added emphasis that a gasless 'signature' (no network fee) can still authorize a drain — the absence of a fee is not proof an action is safe.

Primary source: Ethereum wallets (Ethereum.org)

One myth, killed

"A real recovery service can reverse a crypto theft if you pay them first."

Reality: On-chain transfers are final; there is no central operator who can claw them back. Services that guarantee recovery for an up-front fee are, in the pattern data, overwhelmingly a second scam aimed at people who already lost funds.

Why the myth persists: Loss makes people hopeful and rushed, and a confident 'we can get it back' answers exactly the wish a victim has. That emotional fit — not any technical reality — is what keeps the pattern profitable.

Primary source: Public Service Announcement: Cryptocurrency Recovery Scams (FBI Internet Crime Complaint Center (IC3))

Related guide

Keep the watch un-bought

No exchange sponsorships. No paid placements. No signals.

Frontier Watch takes no money from any exchange, signal service, or casino, and recommends tools on fit, never commission. See exactly how that works on how we make money.