Approval Phishing

Phishing that tricks a user into granting a token approval that lets the attacker drain assets later.

Approval phishing is the dominant wallet-drain pattern on EVM chains.

The mechanic relies on the ERC-20 approve() function (and its NFT equivalents, setApprovalForAll and ERC-721 approve). When you approve a contract for a token, you give that contract the right to move your tokens on your behalf, up to the approved allowance, without any further signature from you. If you approve a malicious contract, the attacker can drain your tokens at any point afterwards, often months later, with no new prompt in your wallet.

Symptoms in the wallet UI: a transaction prompt that asks you to approve rather than to swap or transfer; a contract address you do not recognise as the spender; and an amount shown as "unlimited" (type(uint256).max).

Defenses:

  • Read what you sign. Hardware wallets show the function being called, so you can see that the prompt is an approve rather than the swap the site promised.
  • Revoke approvals. Tools like Revoke.cash list every active approval on your address and let you revoke them (an ERC-20 revoke is an approve with the amount set to 0).
  • Use limited allowances when the contract supports it: approve only the amount the transaction needs instead of type(uint256).max.
  • Use a different wallet for interacting with new dApps than the one holding your treasury, so a bad approval can only reach what that wallet holds.
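The checks above can be applied to the raw calldata behind a wallet prompt. The following is an added example, not code from the glossary or from any wallet: it decodes approve / setApprovalForAll calldata, flags the unlimited allowance and unknown spender, and builds the revoke call. The selectors are the well-known 4-byte values; the spender addresses and allowlist are constructed.

```javascript
// Well-known 4-byte selectors (first 4 bytes of keccak256 over the signature).
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20, and ERC-721 approve
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155
  "a9059cbb": "transfer(address,uint256)",
};
const UINT256_MAX = (1n << 256n) - 1n; // what wallets render as "unlimited"

// Split raw calldata into its selector and 32-byte ABI words.
function decodeCalldata(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || hex.length % 64 !== 8) throw new Error("malformed calldata");
  return { signature: SELECTORS[hex.slice(0, 8)] || null, words: hex.slice(8).match(/.{64}/g) || [] };
}

// Describe what an approval-type call actually grants.
function classifyApproval(calldata) {
  const { signature, words } = decodeCalldata(calldata);
  const addr = (w) => "0x" + w.slice(24); // an address is right-aligned in its 32-byte word
  if (signature === "approve(address,uint256)") {
    const amount = BigInt("0x" + words[1]);
    return { kind: "approve", spender: addr(words[0]), amount,
             unlimited: amount === UINT256_MAX, revoke: amount === 0n };
  }
  if (signature === "setApprovalForAll(address,bool)") {
    const approved = BigInt("0x" + words[1]) !== 0n;
    return { kind: "setApprovalForAll", spender: addr(words[0]), amount: null,
             unlimited: approved, revoke: !approved };
  }
  return { kind: signature ? "other" : "unknown", spender: null, amount: null, unlimited: false, revoke: false };
}

// Warnings to surface before signing; trustedSpenders is a user-kept allowlist (hypothetical).
function reviewPrompt(calldata, trustedSpenders = []) {
  const c = classifyApproval(calldata);
  const warnings = [];
  if ((c.kind === "approve" || c.kind === "setApprovalForAll") && !c.revoke) {
    warnings.push("this is an approval, not a swap or transfer");
    if (c.unlimited) warnings.push("allowance is unlimited (type(uint256).max / all tokens)");
    if (!trustedSpenders.map((s) => s.toLowerCase()).includes(c.spender))
      warnings.push(`spender ${c.spender} is not on your allowlist`);
  }
  return warnings;
}

// Calldata that revokes an ERC-20 allowance: approve(spender, 0).
function revokeCalldata(spender) {
  return "0x095ea7b3" + spender.toLowerCase().replace(/^0x/, "").padStart(64, "0") + "0".repeat(64);
}

// Constructed sample: approve(0x1111...1111, type(uint256).max), the classic drainer prompt.
const SAMPLE_UNLIMITED_APPROVE = "0x095ea7b3" + "1".repeat(40).padStart(64, "0") + "f".repeat(64);
console.log(reviewPrompt(SAMPLE_UNLIMITED_APPROVE));
```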
