Take Back Control of Your Wallet.
When using dapps like Uniswap or OpenSea you have to grant them permission to spend your tokens and NFTs. This is called a token approval. If you don't revoke these approvals, the dapp can spend your tokens forever. Take back control by revoking your approvals.
How To Revoke Your Approvals.
1. Connect
Click Connect Wallet on the top right or enter an address in the search bar.
2. Inspect
Inspect your approvals by using the network selection, sorting and filtering options.
3. Revoke
Revoke the approvals that you no longer use to prevent unwanted access to your funds.
Why You Should Use Revoke.cash.
1. Use Revoke.cash periodically.
It is always good to limit your approvals whenever you are not actively using a dapp, especially for NFT marketplaces. This reduces the risk of losing your funds to hacks or exploits and can also help mitigate the damage of phishing scams.
2. Use Revoke.cash after getting scammed.
Very often, scammers try to trick you into granting them an approval to your funds. Sort your approvals by most recent to find out which approvals are to blame and revoke them to prevent further damage. Unfortunately it is not possible to recover funds that have already been stolen.
3. Use the Revoke.cash browser extension.
Prevention is better than mitigation. The Revoke.cash browser extension warns you when you're about to sign something potentially harmful. This can save you from phishing scams by making you think twice about what you're doing.
Frequently Asked Questions
Can I use Revoke.cash to recover stolen assets?
No. Revoke.cash is a preventative tool that helps you practice proper wallet hygiene. By regularly revoking active approvals you reduce the chances of becoming the victim of approval exploits. But unfortunately it cannot be used to recover any stolen funds. You should still make sure to revoke the approvals that were used to take your funds so that they cannot steal more in the future.
Can hardware wallets save me from approval exploits?
No. In general, hardware wallets are much safer than mobile or browser-based wallets because the wallet's keys are securely stored on the device, making it impossible to steal the keys without proper access to the device. But with approvals no one needs to steal your keys to take your tokens. And because of that hardware wallets offer no extra protection against approval exploits.
I want to revoke approvals, but when I add ETH to my account it gets stolen.
If you have a so-called "sweeper bot" on your account that steals any ETH as soon as it comes in, your seed phrase was compromised. This means that revoking approvals is not going to help with your wallet security. Unfortunately, there is no way for your wallet to recover from this. You should abandon this wallet and create a new one.
Is it enough to "disconnect" my wallet instead of revoking approvals?
No. Disconnecting your wallet (e.g. MetaMask) does not do anything to protect you from approval exploits - or most other exploits. The only thing that happens when disconnecting your wallet from a website is that that website cannot see your address anymore. But your approvals stay active.
These are some of the most common questions we get asked. For a full list of FAQs please visit our FAQ page.