Why People Say “Revoke” After a Wallet Hack

Whenever someone’s wallet gets compromised, you’ll often see people saying “Revoke everything!” But why? What happens when you revoke?

Before answering that, you need to know two terms: Approve and Permit. Approve is when you give another wallet address or smart contract permission to spend your tokens or NFTs on your behalf. This requires an on-chain transaction. Permit is similar but works with an off-chain signature, so no transaction fee is involved.

Why give this permission at all? Take OpenSea as an example. When you list an NFT for sale, you approve that NFT to the OpenSea contract. This allows OpenSea to transfer it once a buyer pays. Without this approval, OpenSea would have to rely on you to manually send the NFT, which isn’t practical.

Now, here’s the risk. If a contract you approved gets hacked, the attacker can use that permission to move your assets. Even if your wallet isn’t directly hacked, any active approval to a compromised contract is dangerous.

This is where revoking comes in. Revoking removes the permission you gave earlier. Once revoked, the contract can’t transfer your tokens or NFTs anymore. It’s like taking back a spare key before it can be misused.

If your wallet is hacked or you’ve approved a risky contract in the past, revoke those approvals immediately. It’s a simple step that can prevent further loss.