How to Revoke Token Approvals 2026: Stop Wallet Drainers Instantly
Published on 2026-07-01
## CRITICAL: If You Just Connected to an Unknown Site
If you just approved a token spending allowance on a site you have never used before, **go to revoke.cash IMMEDIATELY** and revoke that approval. Every second you wait is a second the drainer has access to your funds. Do not finish reading this article first -- open revoke.cash in a new tab right now, connect your wallet, and revoke the most recent approval. Then come back and read the rest.
---
## What Is a Token Approval and Why Is It Dangerous?
When you use a DeFi protocol -- a DEX like Uniswap, a lending platform like Aave, or an NFT marketplace like OpenSea -- you grant the smart contract permission to spend a specific token from your wallet. This is called a **token approval** (or allowance).
Here is the problem: most users approve **unlimited spending**. The default in MetaMask and most wallets is to approve the maximum possible amount -- effectively infinite tokens. If that smart contract is later exploited, or if you approved a malicious contract disguised as a legitimate dApp, the attacker can drain every token of that type from your wallet.
**The approval does not expire.** It stays active until you manually revoke it. A contract you approved in 2023 can still drain your wallet in 2026.
---
## How to Check Your Active Token Approvals Right Now
Before you can revoke anything, you need to see what is approved. Here is how to check across every major network:
### Method 1: Revoke.cash (Recommended)
1. Go to **revoke.cash** in your browser
2. Click "Connect Wallet" and select MetaMask, Rabby, or your wallet
3. The dashboard shows every active approval across 40+ networks
4. Each row shows: the token, the spender contract, and the approved amount
5. Look for approvals with "Unlimited" amounts -- these are the highest risk
### Method 2: Etherscan Token Approval Checker
1. Go to **etherscan.io/tokenapprovalchecker**
2. Enter your wallet address
3. View all ERC-20, ERC-721 (NFT), and ERC-1155 approvals
4. Click "Revoke" next to any approval you want to remove
### Method 3: BscScan / Polygonscan / Arbiscan
Each block explorer has its own approval checker:
- **BSC:** bscscan.com/tokenapprovalchecker
- **Polygon:** polygonscan.com/tokenapprovalchecker
- **Arbitrum:** arbiscan.io/tokenapprovalchecker
- **Base:** basescan.org/tokenapprovalchecker
- **Optimism:** optimistic.etherscan.io/tokenapprovalchecker
---
## Step-by-Step: How to Revoke a Token Approval
### On Revoke.cash (Easiest)
1. Connect your wallet to revoke.cash
2. Switch to the network you want to check (Ethereum, BSC, Polygon, etc.)
3. Find the approval you want to revoke in the list
4. Click the "Revoke" button next to it
5. Confirm the transaction in your wallet
6. Pay a small gas fee (typically $1-5 on Ethereum, under $0.10 on L2s)
7. Wait for the transaction to confirm -- the approval is now gone
### On Etherscan (No Third-Party Site)
1. Go to etherscan.io/tokenapprovalchecker
2. Enter your wallet address and click search
3. Find the approval you want to remove
4. Click the red "Revoke" button
5. Connect your wallet when prompted
6. Confirm the transaction and pay gas
### Using Rabby Wallet (Built-In)
Rabby Wallet has a built-in approval management panel:
1. Open Rabby and click the "Approvals" tab
2. See every active approval across all networks
3. Click "Revoke" on any approval
4. Confirm and pay gas
---
## Which Approvals Should You Revoke?
Not every approval is dangerous. Here is a quick decision guide:
| Approval Type | Action | Why |
|---|---|---|
| **Unlimited USDC/USDT to unknown contract** | Revoke immediately | Drainer risk |
| **Unlimited ETH/WETH to a DEX you use weekly** | Reduce to a specific amount | Lower blast radius |
| **NFT approval to a marketplace you no longer use** | Revoke | No reason to keep it |
| **Limited approval (e.g., 100 USDC) to a known protocol** | Keep if you still use it | Low risk, bounded loss |
| **Any approval to a contract you do not recognize** | Revoke immediately | Assume malicious |
| **Approvals on networks you no longer use** | Revoke all | No downside |
**Rule of thumb:** If you do not recognize the spender contract, revoke it. If the approval is unlimited and you have not used that dApp in 30 days, revoke it.
---
## How Much Does It Cost to Revoke Approvals?
Revoking an approval is a blockchain transaction, so you pay gas. Here are the average costs in July 2026:
| Network | Average Revoke Cost | Time to Confirm |
|---|---|---|
| Ethereum | $2.00 - $8.00 | 15-60 seconds |
| Arbitrum | $0.05 - $0.15 | 5-15 seconds |
| Base | $0.02 - $0.10 | 5-10 seconds |
| Optimism | $0.03 - $0.12 | 5-15 seconds |
| Polygon | $0.01 - $0.05 | 3-10 seconds |
| BNB Chain | $0.05 - $0.15 | 3-10 seconds |
| Avalanche | $0.05 - $0.20 | 3-10 seconds |
**Pro tip:** Revoke approvals during low-congestion hours (weekends or late night UTC) to save 30-50% on gas. Use our [Compare Network Fees](https://cryptonetworkguide.com/) tool to check live gas prices before revoking.
---
## The Unlimited Approval Trap: How to Avoid It
Most wallets default to unlimited approvals because it saves you a second transaction later. But it also means a single exploit can drain your entire balance of that token.
### How to Set Limited Approvals
**In MetaMask:**
1. When a dApp requests an approval, MetaMask shows the spending cap
2. Click "Edit" next to the spending cap
3. Enter a specific amount (e.g., the exact amount you are swapping)
4. Confirm the transaction
**In Rabby Wallet:**
1. Rabby defaults to limited approvals -- it only approves the exact amount needed
2. No extra steps required; this is the default behavior
**In Coinbase Wallet:**
1. When prompted for approval, tap "Custom spending cap"
2. Enter the exact amount you need
3. Confirm
---
## What If a Drainer Already Took Your Funds?
If you are reading this after a drainer already emptied your wallet:
1. **Stop using that wallet immediately.** It is compromised. Create a new wallet.
2. **Revoke all remaining approvals** on the compromised wallet to prevent further losses.
3. **Transfer any remaining tokens** to your new wallet.
4. **Do not respond to DMs** from anyone claiming they can recover your funds. They cannot. These are recovery scammers targeting victims.
5. **Report the incident** to:
- The blockchain explorer (Etherscan, BscScan) -- they can flag the scam contract
- Chainalysis or Crystal Blockchain if the amount is significant
- Your local cybercrime authority (FBI IC3 if in the US)
**Reality check:** Blockchain transactions are irreversible. If a drainer successfully transferred your tokens to their wallet, recovery is extremely unlikely. The best defense is revoking approvals BEFORE an exploit happens.
---
## Monthly Approval Hygiene Checklist
Set a calendar reminder for the 1st of every month. Spend 5 minutes:
1. Open revoke.cash and connect your wallet
2. Check every network you have ever used
3. Revoke any approval to a contract you do not recognize
4. Revoke any unlimited approval to a dApp you have not used in 30 days
5. Revoke all approvals on networks you no longer use
Five minutes a month can save your entire portfolio.
---
## Frequently Asked Questions
**Q: Does revoking an approval cost gas?**
A: Yes. Revoking is an on-chain transaction. Costs range from $0.01 on Polygon to $8 on Ethereum mainnet. Use L2s for cheaper revocations.
**Q: Can I revoke approvals from my phone?**
A: Yes. Revoke.cash works on mobile browsers. Connect via MetaMask Mobile or Rabby Mobile. The process is identical to desktop.
**Q: What happens if I revoke an approval I still need?**
A: Nothing bad. The next time you use that dApp, it will ask you to approve again. You just pay gas twice -- once to revoke, once to re-approve. Better safe than drained.
**Q: Do NFT approvals work the same way?**
A: Yes. When you list an NFT on OpenSea or Blur, you approve the marketplace contract to transfer that NFT. Revoke these if you no longer use the marketplace. Revoke.cash shows ERC-721 and ERC-1155 approvals alongside token approvals.
**Q: Can a contract drain my wallet without an approval?**
A: No. A smart contract cannot move your ERC-20 tokens without an active approval. ETH itself does not use approvals -- but malicious contracts can trick you into sending ETH directly. Never sign a transaction you do not fully understand.
---
*Last updated: July 1, 2026. Revoke.cash and block explorer interfaces may change. Always verify you are on the correct URL before connecting your wallet.*