If you have ever swapped tokens on a decentralized exchange, provided liquidity to a DeFi protocol, or interacted with any smart contract on Ethereum or similar networks, you have almost certainly granted token approvals that you have long forgotten about. On May 7, 2026, the TrustedVolumes exploit demonstrated exactly why this matters: $6.7 million was drained from user wallets not through phishing or hacked private keys, but through old token approvals that users had granted months or even years earlier. This guide walks you through what token approvals are, why they are dangerous when left unchecked, and exactly how to audit and revoke them — step by step.
The Basics
A token approval is a permission you grant to a smart contract allowing it to spend a specific amount of a particular token from your wallet. When you swap tokens on Uniswap, for example, you first approve the Uniswap contract to spend your tokens, then execute the swap. Most interfaces default to unlimited approvals because it saves gas fees — instead of approving exactly 100 USDC for one transaction, you approve an unlimited amount so you do not have to pay approval gas fees on future swaps.
This convenience creates a persistent security exposure. Every unlimited approval you have ever granted remains active until you explicitly revoke it or spend your entire balance of that token. If the contract you approved is later compromised — as happened with TrustedVolumes — the attacker can use your existing approval to move your tokens without any action from you.
Think of it like giving a valet key to your car. You trust the valet today, but if that key is copied and the valet company is compromised months later, someone else can drive away with your car even though you are not at the restaurant anymore.
Why It Matters
The TrustedVolumes exploit on May 7, 2026, provides a textbook example. TrustedVolumes operated as a resolver for 1inch Fusion, a popular DEX aggregator. Users who had previously swapped tokens through 1inch Fusion had granted token approvals to TrustedVolumes’ resolver contract. When an attacker found a vulnerability in that contract, they registered themselves as an “Allowed Order Signer” — a trusted role — and then used the existing approvals to drain approximately 1,291 WETH, 16.9 WBTC, 206,282 USDT, and 1,268,771 USDC from user wallets across 85 rapid transactions.
The critical detail: users did not click anything, sign any transaction, or visit any malicious website. Their old approvals were sufficient for the attacker to move their funds.
This was not an isolated incident. The same attacker was responsible for the March 2025 1inch Fusion V1 hack that drained $5 million. April 2026 saw $635 million stolen across DeFi exploits, including a $285 million attack on Drift Protocol and a $293 million exploit of Kelp DAO. The pattern is clear — attackers are increasingly targeting the infrastructure layer of DeFi, and old token approvals are a primary attack vector.
Getting Started Guide
Auditing your token approvals is straightforward and takes about 10 minutes. Here is exactly what to do.
Step 1: Visit Revoke.cash
Open your browser and navigate to revoke.cash. This is a free, open-source tool that scans your wallet for active token approvals across multiple blockchains including Ethereum, Arbitrum, Optimism, Polygon, Base, and others.
Step 2: Connect your wallet
Click “Connect Wallet” and select your wallet provider — MetaMask, WalletConnect, Coinbase Wallet, or others. Revoke.cash is a read-only tool at this stage — connecting your wallet allows it to scan your approvals but does not grant any permissions.
Step 3: Review your approvals
Once connected, Revoke.cash displays every active token approval on your wallet, organized by network. For each approval, you will see the token, the spender (the contract address that has permission), and the amount approved.
Step 4: Identify risky approvals
Focus on approvals that meet any of these criteria:
– Unlimited approvals (the amount shows as “Unlimited” or an extremely large number)
– Approvals for contracts you no longer use
– Approvals for protocols you do not recognize
– Approvals on networks you are not actively using
Step 5: Revoke unnecessary approvals
Click the “Revoke” button next to any approval you want to remove. Your wallet will prompt you to confirm a transaction — this is the revocation transaction, and you will need to pay a small gas fee. Review each one carefully before confirming.
Step 6: Repeat for each network
Switch between networks using the dropdown at the top of the page and repeat the process. Approvals are chain-specific, so revoking an approval on Ethereum does not affect your approvals on Arbitrum or Base.
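Steps 3 to 5 can be reproduced offline with a short script. The Python below is an added example, not code from the article or from Revoke.cash: it replays ERC-20 Approval event logs to find allowances that are still active, applies the Step 4 criteria, and checks that a revocation prompt really encodes approve(spender, 0). The function names, the sample addresses and logs, and the 2**255 "unlimited" threshold are assumptions made for illustration.

```python
# Added example (not from the article or Revoke.cash); addresses and logs are constructed.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"      # approve(address,uint256)
UNLIMITED_FLOOR = 2**255           # assumption: at or above this counts as "unlimited"

def _addr(word):
    """Low 20 bytes of a 32-byte hex word, as a lowercase 0x address."""
    return "0x" + word[-40:].lower()

def active_approvals(logs, owner):
    """Replay Approval logs in chain order; the latest value per (token, spender) wins.
    transferFrom can lower an allowance with no log, so confirm via allowance()."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC or _addr(t[1]) != owner.lower():
            continue               # ERC-721 Approval has 4 topics; skip other owners
        state[(log["address"].lower(), _addr(t[2]))] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}   # 0 means revoked

def risky(approvals, spenders_in_use):
    """Step 4 criteria: unlimited amount and/or a spender (lowercase) no longer in use."""
    out = {}
    for (token, spender), amount in approvals.items():
        why = [r for r, hit in (("unlimited", amount >= UNLIMITED_FLOOR),
                                ("unused spender", spender not in spenders_in_use)) if hit]
        if why:
            out[(token, spender)] = why
    return out

def is_revoke_calldata(calldata, spender):
    """True only for approve(spender, 0), which is what a revocation should encode."""
    h = calldata.lower()
    h = h[2:] if h.startswith("0x") else h
    return (len(h) == 136 and h[:8] == APPROVE_SELECTOR and h[8:32] == "0" * 24
            and "0x" + h[32:72] == spender.lower() and int(h[72:], 16) == 0)

def make_log(token, owner, spender, amount, block):   # builds constructed sample logs
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"), "blockNumber": block, "logIndex": 0}

OWNER, TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "11" * 20, "0x" + "22" * 20
OLD_RESOLVER, DEX = "0x" + "bb" * 20, "0x" + "cc" * 20       # hypothetical spenders
SAMPLE_LOGS = [make_log(TOKEN_A, OWNER, OLD_RESOLVER, 2**256 - 1, 100),
               make_log(TOKEN_A, OWNER, DEX, 500, 120),
               make_log(TOKEN_B, OWNER, DEX, 2**256 - 1, 130),
               make_log(TOKEN_B, OWNER, DEX, 0, 200)]         # later revoked
print(risky(active_approvals(SAMPLE_LOGS, OWNER), spenders_in_use={DEX}))
```

Against a live chain the same logic would be fed logs fetched per network, since approvals are chain-specific.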
Common Pitfalls
Pitfall 1: Revoking approvals you still need.
If you have an active position in a DeFi protocol — for example, you have provided liquidity to a Uniswap pool — revoking the associated approval may prevent you from withdrawing your funds or managing your position. Only revoke approvals for contracts you are no longer actively using. When in doubt, check whether you have open positions in the protocol first.
Pitfall 2: Assuming hardware wallets protect you.
A hardware wallet like a Ledger or Trezor protects your private keys, but it does not prevent you from granting token approvals, nor does it protect against exploitation of approvals you have already granted. If you approved a compromised contract while using a hardware wallet, your funds are still at risk.
Pitfall 3: Thinking you are safe because the protocol “was not hacked.”
The TrustedVolumes exploit perfectly illustrates this misconception. 1inch itself was not hacked — its code, infrastructure, and user funds remained secure. The exploit targeted a third-party resolver contract. In DeFi, your security depends on every contract in the transaction path, not just the protocol whose interface you are using.
Pitfall 4: Only checking after a hack is reported.
By the time an exploit is publicly reported, funds may already be gone. Make approval auditing a regular practice — monthly at minimum, and immediately after completing any DeFi transaction.
Next Steps
After completing your first approval audit, build it into your regular DeFi hygiene routine. Consider setting a monthly calendar reminder to check Revoke.cash. After every significant DeFi interaction, review the approvals you just granted and revoke any that are unlimited or unnecessary.
For advanced protection, explore transaction simulation tools like Tenderly or Blockaid’s browser extension. These tools simulate what will happen before you sign a transaction, helping you catch unexpected token transfers or contract interactions.
Finally, consider using a dedicated “DeFi wallet” separate from your primary holdings wallet. Keep only the funds you need for active DeFi positions in this wallet, and maintain your long-term holdings in a separate wallet that never interacts with smart contracts. This limits your maximum exposure even if an approval is exploited.
The TrustedVolumes exploit was a $6.7 million lesson in DeFi security. Make sure you learned it without paying tuition.
Disclaimer: This article is for educational purposes only and does not constitute financial or security advice. Always conduct your own research and consider consulting security professionals for personalized guidance.
Smart contract audits have improved dramatically since 2022
Permissionless lending is still the most powerful use case in crypto
permissionless lending with proper risk parameters is the sweet spot. overcollateralization keeps it safe while maintaining access
TrustedVolumes draining 6.7M through old approvals is terrifying. most people have dozens of unlimited approvals they granted years ago and forgot about
Cross-chain DeFi is the next frontier
cross-chain DeFi only works if the bridges are secure. right now bridges are still the weakest link in the entire ecosystem
Dmitri K. the bridge problem is real but the approval problem is bigger. at least bridges are newsworthy. stale approvals just silently drain wallets