WEB3DOJO

News

Token Approvals and How to Revoke Them: A Wallet-Safety Must

· 6 min read

Bottom line: the permissions you grant, you can revoke

When you "Approve" in DeFi or for an NFT, you grant that app's smart contract permission (an allowance) to move your tokens. It's convenient — but leaving an unlimited approval in place means that contract can keep withdrawing your tokens in the future. This is a primary doorway for wallet drainers (scams that empty your wallet).

Key points

- "Approve" = granting an app permission to move your tokens

- An unlimited approval lets the contract withdraw any amount later

- Tools like revoke.cash or Etherscan's Token Approval Checker remove unwanted permissions

- But revoking only stops future withdrawals — funds already drained cannot be recovered

Why approvals exist

On a blockchain, an app can't just move your tokens on its own. So before a swap or deposit, you sign "this contract may move this token." The catch: many apps request an unlimited approval to save you repeated steps. Once granted, it stays until you revoke it.

How to revoke

  1. Open revoke.cash (supports 100+ networks), or Etherscan's Token Approval Checker (etherscan.io/tokenapprovalchecker)
  2. Connect your wallet, or just paste your address (you can inspect without connecting)
  3. Review the approvals you've granted
  4. Revoke any you don't use or don't recognise (revoking itself costs gas)

If you suspect compromise (emergency)

1) Disconnect your wallet from all apps → 2) Revoke every approval on revoke.cash / Etherscan → 3) Move remaining funds to a fresh wallet. If your seed phrase may be exposed, stop using that wallet entirely.

The key limit: revoking can't undo the past

Revoking only stops future withdrawals

Revoking an approval stops a contract from moving your tokens going forward. Anything already withdrawn is settled on-chain and cannot be reversed. That's exactly why a regular "spring clean" of approvals — before damage is done — matters.

Prevention habits

  • Don't casually "Approve" on sketchy sites. Read the signing screen (which token, which contract, is it unlimited?)
  • Keep large balances off your everyday wallet — use a hardware wallet
  • Audit your approvals monthly and revoke what you don't need
  • For scam tactics, see the scam checklist

FAQ

Q. If I revoke, is it a hassle to use the app again? A. You just Approve again next time. Erring on the safe side, clear permissions you aren't using.

Q. Does a hardware wallet make approvals safe? A. The signing is safer, but if you approve a malicious contract, your funds still move. You still must read what you're approving.

Sources

  • Revoke.cash (check and revoke approvals): https://revoke.cash/
  • Etherscan Token Approval Checker: https://etherscan.io/tokenapprovalchecker
  • MetaMask, "How to revoke smart contract allowances / token approvals": https://support.metamask.io/

Related: how to make a wallet and private-key security.

Not financial advice

This article is for information only and is not investment advice. Crypto assets are volatile and carry risks including hacking. Do your own research and only use money you can afford to lose. Based on public information as of June 2026.

空(Sora)
  • 暗号資産・ブロックチェーン
  • 初心者向け解説 / Beginner-friendly
  • 中立・出典重視 / Source-backed

暗号資産・ブロックチェーンの初心者向け解説を担当する編集者です。中立性と一次情報(出典)を重視し、やさしさと正確さの両立を心がけています。投資の勧誘や助言は行いません。 A crypto & blockchain editor focused on beginner-friendly, source-backed explainers. Neutral, never financial advice.

This article is informational only and is not financial, investment, or trading advice. Prices are reference snapshots and may be outdated. Always do your own research.

Related