revoke.cash is the web tool — and the corresponding browser extension — that lets you audit and revoke ERC-20 approvals, ERC-721 setApprovalForAll grants, and Permit2 allowances across all major EVM chains. Free, non-custodial, signs revoke transactions directly from your wallet, and ranks as the single most important quarterly habit for any holder active on Ethereum, Polygon, Arbitrum, Optimism, Base, or BSC.

What the tool actually shows

Visit revoke.cash, connect your wallet, and the tool surfaces every active approval at the address: which spender contract is approved, what token (or NFT collection) the approval covers, how much (or "unlimited" for setApprovalForAll), and when the approval was granted.

The interface lets you revoke any one of them — or batch-revoke a set — by signing on-chain revocation transactions. Each revocation costs gas (the regular network fee for sending a transaction), which is the main reason most users don't do this routinely.

Why this matters more in 2026 than in 2022

Three trends made revoke.cash essential:

First, the rise of permit-style approval phishing. setApprovalForAll and Permit2 signatures grant approvals that persist until explicitly revoked. A signature from two years ago, forgotten by the user, can still be exercised today.

Second, the multi-chain proliferation of dApp interactions. A US holder active across Ethereum, Arbitrum, Base, and Polygon accumulates approvals on each chain separately. Auditing four chains manually is impractical; revoke.cash auto-discovers across all major EVM chains in one session.

Third, the drainer-as-a-service business model. Attackers maintain databases of valid setApprovalForAll grants and exercise them when the original target accumulates new assets at the same address. Revocation is the only complete defense.

The quarterly hygiene routine

For an active US holder, the recommended habit:

  1. First weekend of each quarter, set aside thirty minutes.
  2. Connect each wallet you actively use to revoke.cash.
  3. Filter by "unlimited approvals" first — these are the highest-risk.
  4. Revoke any approval to a contract you do not currently use. If you cannot remember granting the approval, that is sufficient reason to revoke.
  5. Pay the gas. The cost is typically $1-5 per revocation on L2s, $5-30 per revocation on Ethereum mainnet at normal gas prices.

The single most underestimated defensive habit in crypto, by dollar value of losses prevented. The cost is one to two hours per year and a few hundred dollars in gas. The benefit is being immune to a substantial fraction of the attack surface that has stolen billions from less-vigilant holders.

What revoke.cash does not protect against

Two limits worth knowing:

Revoke.cash addresses existing approvals — it does not prevent new bad ones. The discipline of reading every approval before signing is still required.

Revoke.cash works on EVM chains. Bitcoin, Solana, Cosmos all have their own approval models or no approval model at all (Bitcoin native transactions don't have allowances). For Solana, the equivalent tools are RugCheck and Solscan's "Token Allowance" view; for Cosmos, ICA (Interchain Account) audit tools are still maturing.

The browser extension version of revoke.cash adds an inline warning when a dApp prompts an approval that exceeds normal patterns. Worth installing on whichever browser you use for DeFi.

Further reading: setApprovalForAll, EIP-2612 Permit, Phishing.