Crypto
Revoke Approval
Definition
Revoke approval is the act of cancelling a wallet’s previously granted permission for a contract or address to spend your tokens or move your NFTs.
What is revoke approval?
Revoke approval means removing a previously granted onchain permission that lets a third-party address (often a smart contract) transfer assets from your wallet under the rules of a token standard. On EVM chains, this usually refers to cancelling an ERC-20 allowance or disabling an NFT operator permission, so the approved “spender” can no longer move your tokens or NFTs without a new authorization. It’s a core habit in how to secure your crypto wallet because approvals can persist long after you stop using an app, and they can be abused if the approved contract is compromised or if you fall for approval phishing.
Revoke token approval
To revoke token approval, you submit a transaction that updates the permission you previously granted during token approval. For ERC-20 tokens, that permission is an “allowance” recorded in the token contract, mapping your wallet to a spender address and a maximum amount it can transfer via `transferFrom`. Revoking typically means setting that allowance to zero (or to a smaller number) by calling the token’s `approve(spender, newAmount)` function from your wallet. After the transaction confirms, the spender can’t pull more than the new allowance, which is why reducing it to 0 is the cleanest way to fully cancel access.
Revoke allowance
Revoke allowance is the common phrase for cancelling an ERC-20 spender’s remaining limit. Mechanically, the token contract stores the allowance value, and DeFi apps rely on it to execute swaps, deposits, or repayments without asking you to sign every transfer. If you once approved an “unlimited” amount, the spender can keep transferring until you change that number—even months later—so long as the spender’s code (or keys, if it’s an EOA) can initiate `transferFrom`. Revoking the allowance resets that stored value, which is why it’s a key response when you’re researching how to revoke malicious approvals after interacting with an unknown dApp.
Revoke.cash
Revoke.cash is a popular interface that helps you review and revoke approvals across tokens and NFT collections by generating the correct onchain transactions for your wallet to sign. Instead of manually finding each token contract and spender address, you connect your wallet, inspect existing allowances and operator permissions, and then submit revocation transactions (for example, setting ERC-20 allowances to 0 or disabling NFT “approve for all” operators). Tools like this are useful because approvals are scattered across many contracts, and the risk isn’t always obvious—especially after approval phishing, where a malicious site tricks you into approving a spender that you didn’t intend to trust.
Remove approval
Remove approval is essentially the same action as revoking, but it’s worth noting that “approval” can mean different permissions depending on the asset type. For ERC-721 and ERC-1155 NFTs, you might have approved a single token ID to a specific address, or you might have granted a broad operator permission (often called “approve for all”) that lets an operator transfer any NFT from that collection. Removing approval means sending a transaction to clear the specific approval or to flip the operator permission off. Because NFT operator approvals can be sweeping, it’s smart to remove approvals you no longer need, particularly for marketplaces or aggregators you don’t actively use.
Why revoke approval matters
Revoke approval matters because approvals are one of the few ways a third party can move assets from your wallet without a fresh signature each time. While approvals enable smooth DeFi and NFT experiences, they also expand your attack surface: a compromised protocol, a malicious spender address, or a deceptive signature flow can turn an old approval into a real loss. Regularly auditing and revoking unused permissions limits blast radius, reduces the impact of contract exploits, and complements other best practices like using separate wallets and verifying signatures—habits that belong in any practical guide on how to secure your crypto wallet.
Frequently Asked Questions
What does revoke approval mean in crypto?
It means cancelling a permission your wallet previously granted to another address to move your tokens or NFTs. On EVM chains, this is usually done by setting an ERC-20 allowance to 0 or disabling an NFT operator approval. After it’s revoked, the spender can’t transfer assets under that old permission.
How do I revoke an ERC-20 token approval?
You revoke it by sending an onchain transaction to the token contract that changes the allowance for the spender address, typically to zero. Many wallets and approval-management tools generate this transaction for you. You’ll still pay network fees because it’s a state change on the blockchain.
Does revoking approval return my tokens?
No—revoking only changes permissions; it doesn’t move funds back into your wallet because the tokens never left. If tokens were already transferred out using the approval, revoking prevents further transfers but can’t undo past ones. Recovery then depends on the specific situation and counterparties.
Is it safe to use revoke.cash to remove approvals?
Revoke.cash is widely used as a front end to help you create the correct revocation transactions, but the safety still depends on verifying you’re on the legitimate site and reviewing what you sign. The actual revocation happens onchain in the token or NFT contract. Always double-check spender addresses and avoid signing unexpected approvals.
Why do dApps ask for unlimited approvals?
Unlimited approvals reduce friction by avoiding repeated approval transactions for future actions like swaps or deposits. The trade-off is risk: if the spender is exploited or malicious, it can transfer up to the approved amount. A safer approach is approving only what you need and revoking permissions when you’re done.
