By the end of this you will recognize the five standard ways newcomers get robbed on sight, because each one has a fixed anatomy and they all share the same skeleton underneath.
Picture someone who did everything you have done so far. They opened a wallet, held their own keys, made their first trades. Then one evening a message arrived that felt urgent and official, they followed it, signed one thing without reading it, and by morning the wallet was empty.
It is tempting to call that bad luck or carelessness. It was neither. Almost every newcomer who gets robbed is robbed by one of five predators, and each predator hunts the same way every time. This checkpoint is the field guide. Learn the five shapes and the evening above stops being a mystery and becomes something you can see coming.
Most safety advice is a long list of things not to do, and a list is impossible to hold in your head at the moment it matters. A field guide is different. It teaches you a small number of shapes so well that you recognize them in any costume.
There are five predators worth knowing. They rename themselves constantly, they dress up in new logos and new stories, but the underlying shape never changes. Learn the five shapes once and you spend the rest of your time here recognizing old animals in new clothes.
Here they are by name, before we open any of them up. Five predators, and you will look at each one closely in the steps that follow. For now, get the shape of each in a single sentence.
The first predator wears a helpful face. It shows up as fake support in your messages, a fake wallet popup that asks you to verify, or a fake claim page promising free tokens, and every version ends at the same door: it asks you to type your seed phrase or private key.
You already know why this is fatal. Back in checkpoint 10 you learned that real apps ask you to sign, never to reveal the key, because they do not need the secret to get your approval. So the ask is the attack. The popup, the agent, the claim page are all just costumes on a single request: hand over the words. The moment something asks for them, the species is named, no matter how official it looks.
The second predator never asks for your words at all, which is exactly why it catches people who learned to guard the seed phrase. To use most tokens on a site, you grant the site an approval: a signed permission that lets its contract move those tokens on your behalf. That is a normal, necessary motion in this space.
The drainer abuses it. The site asks you to approve, the approval is malicious or far larger than it needs to be, and once you sign, the contract can pull your tokens whenever it likes. Signing felt harmless because nothing left your wallet in that moment. Predict what you actually handed over, and why blind signing is the real danger here.
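What an approval request grants can be read out of the transaction data before anything is signed. The sketch below is an added example, not part of the original lesson: it decodes the two standard approval calls, ERC-20 `approve` and NFT `setApprovalForAll`, and flags an unlimited or oversized grant. The function name, the `needed_amount` parameter and the sample spender address are assumptions made for illustration.

```python
# Added example: decode a token-approval request before signing it.
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1
NOT_APPROVAL = {"kind": "not an approval", "warnings": []}


def describe_approval(calldata_hex, needed_amount=None):
    """Return what the calldata would grant, plus warnings worth reading first.

    needed_amount (hypothetical parameter) is the amount, in the token's
    smallest unit, that the action you intend actually requires.
    """
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # Both calls take exactly two 32-byte arguments after the 4-byte selector.
    if len(data) != 8 + 64 + 64:
        return dict(NOT_APPROVAL)
    try:
        int(data, 16)                       # reject anything that is not hex
    except ValueError:
        return dict(NOT_APPROVAL)
    selector, arg1, arg2 = data[:8], data[8:72], data[72:]
    spender = "0x" + arg1[24:]              # an address is the low 20 bytes
    value = int(arg2, 16)
    warnings = []

    if selector == APPROVE:
        if value == MAX_UINT256:
            warnings.append("unlimited allowance: spender can pull the whole balance, now or later")
        elif needed_amount is not None and value > needed_amount:
            warnings.append("allowance is larger than this action needs")
        return {"kind": "approve", "spender": spender, "amount": value, "warnings": warnings}

    if selector == SET_APPROVAL_FOR_ALL:
        if value == 1:
            warnings.append("operator gains control of every token you hold in this collection")
        return {"kind": "setApprovalForAll", "spender": spender,
                "approved": value == 1, "warnings": warnings}

    return dict(NOT_APPROVAL)


# Constructed sample: approve(spender, 2**256 - 1) with a made-up spender address.
SAMPLE_SPENDER = "00000000000000000000000000000000000000aa"
SAMPLE_UNLIMITED = "0x" + APPROVE + "0" * 24 + SAMPLE_SPENDER + "f" * 64
```

An `approve` with amount zero produces no warning, because that is how an existing allowance is revoked.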
The third predator does not steal from your wallet directly. It builds something that looks alive, gets you to buy in, and then collapses on purpose. The team mints a token, hypes it hard, attracts buyers into the pool, and then pulls the liquidity or dumps their own supply, leaving holders with a token that cannot be sold for anything.
You are not defenseless against this, because you already learned to read the plumbing. In checkpoint 16 you asked who holds the supply and whether it can flood the market. Add one question for the pool: is the liquidity locked, or can the team withdraw it whenever they choose? A concentrated supply in the team's hands plus an unlocked pool is a rug waiting to be pulled.
The fourth predator is the quietest, because from the outside everything works. You can buy the token, the price looks active, other wallets are buying too. The trap is not on the way in. It is on the way out: the contract contains a rule that blocks you, and only you, from selling.
This is the one predator your normal senses cannot catch, because the bait behaves perfectly until you try to leave. Catching it before you buy means reading the contract code or running it through a simulator that tests whether a sell would actually go through. It is the clearest reason the code is the truth, and the marketing is just a story told over the top of it.
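The idea behind a sell simulator, as an added example that is not part of the original lesson: buy and then sell as a fresh address on a copy of the token's state, and see whether the sell goes through. A real simulator runs this against the actual contract; here a toy Python ledger stands in, and `ToyToken`, `can_exit` and the probe address are hypothetical names.

```python
# Added example: a toy token model and a buy-then-sell probe run on a copy of its state.
import copy


class ToyToken:
    """Minimal balance ledger with one pool address. A stand-in, not a real contract."""
    POOL = "pool"

    def __init__(self, owner, sell_restricted):
        self.owner = owner
        self.sell_restricted = sell_restricted   # the hidden rule the probe looks for
        self.balances = {self.POOL: 1_000_000}

    def transfer(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount:
            raise RuntimeError("insufficient balance")
        # Sending tokens to the pool is a sell. The restricted variant rejects
        # it for everyone except the owner, while buys keep working.
        if self.sell_restricted and recipient == self.POOL and sender != self.owner:
            raise RuntimeError("transfer rejected")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


def can_exit(token, probe="probe-wallet", amount=100):
    """Buy then sell as a fresh address on a deep copy; report which steps succeed."""
    sim = copy.deepcopy(token)                       # never touch the real state
    try:
        sim.transfer(ToyToken.POOL, probe, amount)   # buy: pool -> probe
    except RuntimeError:
        return {"buy": False, "sell": False}
    try:
        sim.transfer(probe, ToyToken.POOL, amount)   # sell: probe -> pool
    except RuntimeError:
        return {"buy": True, "sell": False}          # the way in works, the way out does not
    return {"buy": True, "sell": True}


if __name__ == "__main__":
    print("ordinary token:  ", can_exit(ToyToken("team", sell_restricted=False)))
    print("restricted token:", can_exit(ToyToken("team", sell_restricted=True)))
```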
The fifth predator is impersonation: a typosquatted domain one letter off the real one, a fake app in a store, a sponsored ad that sits above the genuine site and looks identical. It does not invent a new trick. It borrows the trust of something real so you lower your guard, then hands you to one of the other four.
And that points at the lesson underneath all five. Strip the costumes off and every predator has the same skeleton: urgency to stop you thinking, authority to make you comply, and an ask that quietly breaks a mechanic you already understand. Reveal your words. Approve a contract you did not read. Buy right now before it is gone. Once you see the skeleton, you stop memorizing scams and start recognizing the shape.
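The impersonation predator's one-letter-off domain is something a machine can check against a short list of sites you already trust. This added example, not part of the original lesson, goes slightly beyond the single-letter case: it also flags punycode labels and a trusted name used as the front of someone else's domain. The trusted names and all sample hosts are constructed placeholders.

```python
# Added example: flag a hostname that is nearly, but not exactly, one you trust.
# The trusted names below are constructed placeholders, not real projects.
TRUSTED = {"example-swap.org", "example-wallet.io"}


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute ca -> cb
        prev = cur
    return prev[-1]


def classify_host(host, trusted=TRUSTED, max_distance=2):
    """Return ("trusted" | "lookalike" | "unknown", closest trusted name or None)."""
    host = host.strip().lower().rstrip(".")
    if host in trusted:
        return ("trusted", host)
    # Punycode labels can render as letters that look identical to ASCII ones.
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("lookalike", None)
    names = sorted(trusted)                 # sorted for a deterministic result
    # A trusted name used as the leading part of a different domain.
    for name in names:
        if host.startswith(name + "."):
            return ("lookalike", name)
    closest = min(names, key=lambda name: edit_distance(host, name))
    if edit_distance(host, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)


if __name__ == "__main__":
    for h in ["example-swap.org", "examp1e-swap.org", "unrelated-site.net"]:
        print(h, classify_host(h))
```

"unknown" means only that the name is not close to anything on the list; it says nothing about whether the site is safe.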
Here is a real-shaped lure. A sponsored ad sits at the top of your search results for a project you actually follow. It announces an official airdrop, says the claim window closes in ten minutes, and asks you to connect your wallet and approve a contract to receive your tokens.
You are not guessing anymore. You have five shapes and one skeleton. Read the lure and say what is hunting you, and how you know.
It is easy to walk out of a lesson like this convinced the only safe move is to touch nothing, connect nowhere, and trust no one. That feels like the cautious choice, but it quietly fails you in the other direction.
So that is the field guide. Five predators, each with a fixed way of hunting: seed phishing asks for your words, the approval drainer gets you to sign a spend permission, the rug pull collapses a hyped project on purpose, the honeypot lets you buy but blocks the sell, and impersonation borrows the costume of something real. Under all of them, the same skeleton: urgency, authority, and an ask that breaks a mechanic you understand.
Recognizing a predator is one thing. Having a habit that catches them every time, even one you have never seen before, is the next thing. That habit is a short list you run before you ever sign or connect, the way a pilot runs the same check before every flight.
Next: security as judgment, and the four questions to ask before you sign anything.