If you use MetaMask as your software wallet, sooner or later you’ll sign an approval that lets a smart contract move tokens on your behalf. That permission is useful—the swap happened without you manually sending every token. But those approvals act like a standing tab. Left unchecked, they can become an attack surface.
How do you revoke token approvals in MetaMask? This guide explains the what, the why, and exactly how to remove a token allowance in MetaMask so you can reduce risk without interrupting normal DeFi activity. I’ve done this repeatedly after approving dozens of small DEXes and NFT marketplaces, and what I’ve found is that a regular check-up pays off.
(And yes, revoking is an on-chain transaction—so there’s a small gas cost.)
Most fungible token standards (ERC-20 on Ethereum and other EVM-compatible chains) expose an approve(spender, amount) call and an allowance mapping. Once you call approve, the spender (usually a smart contract) is allowed to call transferFrom and move tokens out of your balance, up to that allowance.
Think of it like giving a vending machine the ability to take money from your wallet up to a limit. Unlimited approvals (MAX_UINT256) are common because they save gas on repeated swaps. But unlimited approvals are the risky equivalent of handing over an open tab.
For NFTs (ERC-721 / ERC-1155) the mechanics differ: approvals may be per-token, or made through setApprovalForAll, which grants blanket access to a marketplace or operator.
Why revoke? Because approvals live on-chain until you change them. The later the check, the higher the chance of loss (I learned this the hard way when an obscure swap site attempted an unexpected transfer; revocation stopped further movement).
The typical flow is: view approvals for your address on the relevant network, choose the spender(s) to remove, and send a revocation transaction that sets allowance to zero (or a small safe amount). Below are practical steps that work with MetaMask.
Remember: disconnecting a dApp from MetaMask does not revoke token allowances. But disconnecting is still useful for privacy and preventing future auto-connections. See manage-connected-sites for more.
| Method | Where you run it | Pros | Cons | Gas cost |
|---|---|---|---|---|
| MetaMask built-in management (when available) | Extension / mobile UI | Fewer external connections; familiar UI | Not all approvals shown; UI changes | On-chain revocation cost applies |
| On-chain explorer token-approval checker | Browser / mobile in-app | Directly reads chain data; transparent | Must trust the site you connect to | On-chain transaction cost |
| Third-party revocation services | Browser / mobile | Batch options, UX for non-technical users | Extra trust required; potential phishing risk | On-chain transaction cost (might batch) |
But don’t blindly connect to every "revoke" website you find. A malicious site could try to trick you into approving a different contract.
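One way to check what a revocation site is really asking you to sign is to decode the transaction's data field yourself. The sketch below is an added example, not code from MetaMask or from this guide's author: it accepts only approve(spender, 0) or setApprovalForAll(operator, false) for the spender you selected. The function name, the sample addresses and the sample calldata are constructed for illustration.

```javascript
// Added example: check approval calldata before signing. Not MetaMask code.
const SELECTORS = {
  "095ea7b3": "approve",           // ERC-20 approve(address,uint256)
  "a22cb465": "setApprovalForAll", // ERC-721/1155 setApprovalForAll(address,bool)
};
const MAX_UINT256 = (1n << 256n) - 1n;

function classifyApprovalCalldata(data, expectedSpender) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  // 4-byte selector plus two 32-byte ABI words = 136 hex characters.
  if (!/^[0-9a-f]{136}$/.test(hex)) {
    return { kind: "unknown", safeToSign: false, reason: "not a two-argument approval call" };
  }
  const kind = SELECTORS[hex.slice(0, 8)];
  if (!kind) return { kind: "unknown", safeToSign: false, reason: "unrecognised selector" };

  const addressWord = hex.slice(8, 72);
  // An address is right-aligned in its word, so the top 12 bytes must be zero.
  if (!addressWord.startsWith("0".repeat(24))) {
    return { kind, safeToSign: false, reason: "malformed address word" };
  }
  const spender = "0x" + addressWord.slice(24);
  const value = BigInt("0x" + hex.slice(72, 136)); // amount, or the bool for NFTs

  let reason = "revokes the expected spender";
  if (value !== 0n) {
    if (kind === "setApprovalForAll") reason = "grants operator access to all tokens";
    else reason = value === MAX_UINT256 ? "grants an unlimited allowance" : "grants a non-zero allowance";
  } else if (spender !== expectedSpender.toLowerCase()) {
    reason = "revokes a different spender than the one selected";
  }
  const safeToSign = reason === "revokes the expected spender";
  return { kind, spender, value, safeToSign, reason };
}

// Constructed sample inputs (placeholder addresses, not real contracts).
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const SPENDER = "0x00000000000000000000000000000000000000aa";
const OTHER = "0x00000000000000000000000000000000000000bb";
const SAMPLES = {
  revoke: "0x095ea7b3" + word(SPENDER) + word("0"),
  unlimited: "0x095ea7b3" + word(SPENDER) + "f".repeat(64),
  wrongSpender: "0x095ea7b3" + word(OTHER) + word("0"),
  nftRevoke: "0xa22cb465" + word(SPENDER) + word("0"),
  nftGrant: "0xa22cb465" + word(SPENDER) + word("1"),
};
for (const [name, data] of Object.entries(SAMPLES)) {
  console.log(name, classifyApprovalCalldata(data, SPENDER).reason);
}
```

This covers only the data field; the transaction's to address still has to be the token contract whose allowance you meant to revoke.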
Who this helps: everyday DeFi users who use MetaMask for swaps, staking, and dApp interactions and want to minimize exposure without moving to cold storage. In my experience, casual traders and collectors benefit most from a monthly approval audit.
Who should look elsewhere: if you need enterprise-level custody, multi-sig protection, or want to avoid paying periodic on-chain revocations, consider hardware signers or smart contract wallets with session keys (see account-abstraction-and-smart-contract-wallets). Hardware wallets add friction but reduce signing risk.
Q: Is it safe to keep crypto in a hot wallet?
A: Hot wallets (software wallets) trade convenience for a larger attack surface than hardware or cold storage. They are fine for daily DeFi activity if you follow best practices: limit approvals, use small operational balances, and back up your seed phrase. See security-best-practices and seed-phrase-backup-and-recovery.
Q: How do I revoke token approvals in MetaMask?
A: Use a token-approval checker or the built-in approvals UI, connect MetaMask, review spenders, and send a revoke (approve(spender, 0)) transaction. Follow the step-by-step above.
Q: What happens if I lose my phone?
A: Losing your phone is like losing access to a hot wallet interface; someone with your unlocked app could approve transactions. Recover using your seed phrase on a new device and move funds if you suspect compromise. See lost-phone and seed-phrase-backup-and-recovery.
Q: Can I batch revoke multiple approvals?
A: Some third-party tools and smart contract wallet flows support batching. Batching can save time, but it adds trust and complexity. See revoke-approvals-tools and account-abstraction-and-smart-contract-wallets.
Revoke token permissions in MetaMask on a schedule (monthly or after using a new dApp). It’s a small gas cost that often prevents much larger losses. In my experience, a quick approval audit is one of the highest-ROI security habits for active DeFi users.
Next steps: run an approval check right now, and if you want a deeper walkthrough of signing flows and gas optimization, read gas-fees-eip1559 and metamask-mobile-guide. If you need help with connected sites or managing permissions, see manage-connected-sites.
Want a checklist PDF or a printable step-by-step? The site has extra resources linked from revoke-approvals-tools.
Good luck—stay cautious, and keep your operational balances small.