How to Revoke Token Approvals and Secure Your Wallet (2026)
Welcome to 2026. Your wallet is likely connected to dozens of dApps—Uniswap, OpenSea, Aave, and countless others. Each time you interact with these platforms, you may have unknowingly granted them permission to spend your tokens. These permissions, called token approvals, can be a major security risk if left unchecked. This guide will teach you what they are, why they’re dangerous, and how to revoke them in 5 easy steps.
What Are Token Approvals?
When you swap tokens on a decentralized exchange (DEX) or mint an NFT, the smart contract needs permission to move your tokens. This is done via an approve() transaction. In simple terms, you’re saying: “I allow this smart contract to spend up to X amount of my token Y.”
Example: You approve Uniswap to spend 100 USDC. The contract can now move that USDC on your behalf. The approval remains active until you revoke it or the token is spent.
Why Are They Dangerous?
Old, unused approvals are a hacker’s best friend. Here’s why:
- Unlimited approvals: Many dApps ask for an “infinite” approval (e.g.,
max uint256). If the dApp’s contract gets exploited, a hacker can drain all your tokens. - Forgotten permissions: You might have approved a sketchy site months ago. That approval is still active.
- Phishing attacks: Malicious sites trick you into approving a contract that steals your tokens.
The fix: Regularly check and revoke unused or suspicious approvals. This is a core part of wallet security.
Step 1: Understand the Tools
You don’t need to be a developer. Three main tools help you revoke approvals:
- Revoke.cash (most user-friendly, cross-chain)
- Etherscan (for Ethereum mainnet)
- Chain-specific tools (e.g., BscScan for Binance Smart Chain, Polygonscan for Polygon)
What you’ll need:
– A web3 wallet (MetaMask, WalletConnect, Rabby, etc.)
– A small amount of native gas token (ETH, BNB, MATIC) for the revocation transaction.
Step 2: Use a Token Approval Checker
Before revoking, you need to see what approvals you have. A token approval checker scans your wallet and lists all active allowances.
Using Revoke.cash (recommended for beginners):
- Go to revoke.cash.
- Click “Connect Wallet” (top right).
- Select your wallet (MetaMask, WalletConnect, etc.).
- The dashboard will automatically scan your wallet for approvals.
- You’ll see a list like this:
[Image: Revoke.cash dashboard showing a list of token approvals with columns for Token, Spender, Amount, and Action buttons]
- Token: Which token is approved (e.g., USDC, ETH, LINK).
- Spender: The contract or dApp that can spend it.
- Amount: The approved limit (often “Unlimited”).
- Actions: “Revoke” button for each approval.
Step 3: Revoke via Revoke.cash
Now, let’s clean up.
-
Identify dangerous approvals:
– Look for “Unlimited” amounts.
– Look for unknown or suspicious spenders (e.g., a random contract address).
– Old approvals you no longer use (e.g., a DEX you tried once). -
Click “Revoke” next to an approval you want to remove.
-
Confirm in your wallet:
– A MetaMask pop-up will appear.
– Review the transaction details: you’re callingapprove()to set the allowance to 0.
– Click Confirm. -
Wait for confirmation:
– The transaction will take a few seconds to a minute.
– Once confirmed, the approval disappears from the list.
Pro tip: Revoke in batches to save gas. Some tools allow batch revocations, but for beginners, do one at a time.
Step 4: Revoke via Etherscan (Ethereum Only)
If Revoke.cash doesn’t support your chain or you prefer a direct method, use Etherscan.
- Go to etherscan.io.
- Enter your wallet address in the search bar.
- Scroll down to “Token Approvals” (under the “More” dropdown on mobile).
- You’ll see a table similar to Revoke.cash.
[Image: Etherscan Token Approvals section showing a table with Token, Spender, and Approved Amount]
- Click “Revoke” next to an approval.
- Connect your wallet when prompted.
- Confirm the transaction.
Note: Etherscan may require you to sign a message first to verify ownership. This is safe—it’s a signature, not a transaction.
Step 5: Use Chain-Specific Tools
For other blockchains, use their respective block explorers:
- BscScan (Binance Smart Chain): Same steps as Etherscan. Use the “Token Approvals” tab.
- Polygonscan (Polygon): Same steps. Look for “Token Approvals” under “More”.
- Arbiscan (Arbitrum): Similar interface.
- Optimistic Etherscan (Optimism): Same logic.
Quick links:
– BscScan: bscscan.com
– Polygonscan: polygonscan.com
– Arbiscan: arbiscan.io
For Solana: Use Solscan or Step Finance to revoke token approvals. The process is similar—connect wallet, view approvals, revoke.
Step 6: Best Practices for Ongoing Wallet Security
Revoking once isn’t enough. Make it a habit.
1. Revoke After Every Interaction
After swapping on a new DEX or trying a new dApp, revoke the approval immediately. You can always approve again later.
2. Use Limited Approvals
When a dApp asks for approval, manually set a lower limit (e.g., “10 USDC” instead of “Unlimited”). This reduces risk.
3. Audit Your Wallet Monthly
Set a calendar reminder. Use Revoke.cash to scan all your chains and revoke anything suspicious.
4. Beware of Phishing Sites
Only use official URLs: revoke.cash, etherscan.io, etc. Scammers create fake “revoke” sites that steal your keys.
5. Revoke Smart Contract Permissions Beyond Tokens
Some approvals aren’t for tokens. Smart contract permissions (e.g., for NFTs or “setApprovalForAll”) are equally dangerous. Revoke.cash covers these too.
6. Use a Hardware Wallet
For large holdings, use a Ledger or Trezor. Revoke.cash works with hardware wallets. Never store large amounts in a hot wallet.
7. Remove Token Allowances for Old dApps
If you haven’t used a dApp in 6 months, revoke its allowance. The project might be abandoned or compromised.
Summary
| Tool | Best For | Cost |
|---|---|---|
| Revoke.cash | All chains, beginner-friendly | Gas fee only |
| Etherscan | Ethereum mainnet | Gas fee only |
| BscScan/Polygonscan | Specific chains | Gas fee only |
Your action plan:
1. Go to Revoke.cash right now.
2. Connect your wallet.
3. Revoke any “Unlimited” or suspicious approvals.
4. Repeat monthly.
A clean wallet is a secure wallet. By taking 10 minutes today to revoke token approvals, you significantly reduce your risk of being drained by a hack or exploit. Stay safe in 2026.
Frequently Asked Questions
Q: What does revoking token approval mean?
A: Revoking token approval means cancelling a permission you previously gave to a smart contract, allowing it to spend your tokens. You do this by sending a transaction that sets the allowance to zero, effectively removing the contract’s access to your funds.
Q: How much does it cost to revoke token approvals?
A: Revoking token approvals costs only the gas fee for the transaction, which varies by network congestion. On Ethereum, this can range from $5 to $50, while on Layer 2 chains like Arbitrum or Polygon, it is often under $1. There are no additional service fees.
Q: Can I revoke token approvals without paying gas fees?
A: Generally, no—each revocation requires a blockchain transaction with gas fees. However, some tools like Revoke.cash offer “batch revoke” features to combine multiple revocations into one transaction, saving on total gas costs.
Q: How do I check my token approvals on MetaMask?
A: MetaMask does not have a built-in approval checker, but you can use third-party tools like Revoke.cash or Etherscan. Simply connect your wallet to Revoke.cash, and it will automatically display all your active token approvals across multiple chains.
Q: What is an unlimited token approval and why is it dangerous?
A: An unlimited token approval lets a smart contract spend an infinite amount of a specific token from your wallet. This is dangerous because if the contract is hacked or malicious, the attacker can drain your entire balance of that token without further permission.
Q: How often should I revoke token approvals?
A: You should audit and revoke approvals at least once a month, or immediately after interacting with a new or unfamiliar dApp. Setting a monthly calendar reminder to scan your wallet with Revoke.cash is a good security habit.
Q: Can I revoke token approvals on Solana?
A: Yes, you can revoke token approvals on Solana using tools like Solscan or Step Finance. The process is similar: connect your wallet, view your token allowances, and submit a revocation transaction. Solana’s low fees make this very affordable.
Q: What is the difference between revoking token approvals and revoking smart contract permissions?
A: Token approvals refer to allowances for ERC-20 tokens, while smart contract permissions include broader access like NFT approvals (setApprovalForAll) or operator permissions. Both are dangerous if left active, and tools like Revoke.cash let you revoke both types in one dashboard.