Basic Crypto with the Beasts: Disconnect sites and revoke token approvals

How to revoke token approvals from web3 to secure your wallet.

Today, we will look at how you can remove sites you’ve connected in MetaMask and how to revoke token approvals on chain. These two tasks are essential for basic security and maintenance.

By revoking permissions, you can ensure that unauthorized parties cannot access your wallet and its contents.

The revoke process is pretty straightforward, but it will require some funds for gas on the chain you’re using. More on that below.

Basic Crypto with the Beasts: How to disconnect sites in MetaMask

How to revoke token approvals in web3 and MetaMask.

Be aware that disconnecting from sites within MetaMask does not protect you from approval exploits. It merely removes the site’s history within your wallet and effectively makes your wallet address invisible to that website and related dapps. You’ll also want to check your token approvals, which we’ll cover in another section.

Disconnecting Sites in MetaMask for Desktop

To disconnect sites from your MetaMask wallet on desktop, do the following:

  1. First, make sure you’re logged in to your wallet.
  2. In account view, click the menu button (three dots) in the top right.
  3. Click the Connected Sites option in the menu.
  4. You will see a list of websites and dapps currently connected. Simply click Disconnect from the sites you want to remove.

Disconnecting sites does not cost gas, but you will be asked to approve the process within your MetaMask wallet.

Disconnecting Sites in MetaMask Mobile

On mobile, the process is a little different. You must do the following:

  1. Open the site you want to disconnect in the browser tab of MetaMask mobile.
  2. Once you’re on the site, tap your account icon in the top right.
  3. You’ll see a list of accounts that are currently connected. Tap Permissions at the top near the site URL.
  4. Next, choose either Disconnect next to the account you want to remove or Disconnect All Accounts at the bottom to remove every account on your device.

Please Note: After disconnecting from sites or dapps you will need to reconnect in the future if you want to use them again.

Basic Crypto with the Beasts: How to revoke token approvals

There are a few ways to revoke token approvals on chain, but we will be using the respective Scan sites. For Ethereum-based tokens, that’s; for BSC, that’s; and for Polygon (MATIC), that’s

Go to the corresponding site for the chain you wish to revoke approvals. For this tutorial, we’re going to be using Etherscan.

  1. Enter the address you wish to clean in the search bar, presumably your ETH address, and click the magnifying glass icon to search.
  2. You will see a list of token approvals connected to your searched address. It should list the transaction hash of each approval, when it was last updated, the assets involved, the approved parties, and more.
  3. Click the Revoke button next to the token approval in the list that you wish to disconnect. You will have to do this for each event.
  4. You’ll be asked to sign the transaction and pay gas. Accept and pay to revoke token permissions.
  5. Wait until the transaction completes and continue revoking permissions for other approvals.
  6. Refresh the page and re-search your address to see if the approvals are gone.

That’s it. It can be quite a lengthy process if you have a lot of approvals connected to your wallet. But it’s still a good idea to do this regularly.

What does revoking token approvals do?

By doing this regularly and revoking approvals for tokens you’re not using, you reduce the risk of approval exploits. You should habitually revoke approvals after every transaction or at least every few weeks or months.

You can protect yourself from security events like the recent Ledger exploit, for example, by revoking permissions.