Token Approvals Explained (and How to Revoke Them)

Every time you use a DeFi app, you usually grant it permission to spend a token from your wallet — a “token approval.” These approvals don't expire on their own, and a forgotten or malicious one can drain your wallet months later. Understanding and cleaning up approvals is one of the most overlooked safety habits in crypto.

What a token approval is

To swap or stake a token, a smart contract needs permission to move it on your behalf. Many apps request unlimited approval for convenience, meaning the contract can move all of that token, any time, forever — until you revoke it.

Why old approvals are dangerous

• If a project you approved is later hacked, attackers can use your old approval to drain that token.
• A malicious dApp can request an approval that looks routine but hands over everything.
• You may have dozens of forgotten approvals from apps you used once.

How to revoke approvals

1. Use a reputable approval-checker tool (such as revoke.cash) connected to your wallet.
2. Review the list of contracts that can spend your tokens.
3. Revoke anything you don't recognise or no longer use.
4. Repeat this every few months as a habit.

Prevention going forward

• Prefer apps that request only the amount needed, not unlimited.
• Use a separate wallet for experimenting with new dApps.
• Read every approval request before signing.

Avoid the bait

Most malicious approvals ride on a scam token or fake site. ChainInspector Suite lets you research a token before you ever connect, so you avoid the trap in the first place.