Revoking DApp approvals is the most important regular maintenance operation for Web3 wallets. Binance Web3 Wallet provides three ways to revoke: "Connected Sites" management within the APP (disconnects sessions but doesn't revoke token approvals), the built-in "Token Approvals" tool (view and revoke ERC-20/BEP-20 token approvals), and third-party tools like revoke.cash (comprehensive scanning across 41 chains). On the Binance Official Website or in the Binance Official APP v2.92+, users can enter Web3 → Settings → Security Center to scan with one click. On-chain security incident statistics show that from 2024-2025, losses due to unrevoked approvals exceeded $1.8 billion, with 83% of victim wallets having approve(unlimited) records uncleaned for over 180 days. It is recommended to check your approval status every 30 days. iPhone users can refer to the iOS Installation Tutorial to install the latest version and experience this security feature.
Why You Must Revoke Approvals
The Nature of Authorization
When you trade USDT on a DEX, you must first call "approve" on the USDT contract to give the router an "allowance." If you approve "unlimited" (2^256-1) and that contract later turns out to have a vulnerability or is upgraded to a malicious one, all USDT in your wallet can be transferred at any time.
Real Case Data
- 2024 Balancer Vulnerability: Approx. $9.7 million in assets stolen, all from unrevoked approvals from 2 years prior.
- 2025 Q1 PancakeSwap Fake Site: Phishing approvals led to an average loss of $1,800 per address.
- Uniswap Permit2 Phishing: 4,200 addresses hit globally in a single month, average loss $5,300.
Risk Duration
Once given, an authorization remains valid forever until manually revoked or the contract is self-destructed. Even if a DApp shuts down, the approval still exists on-chain.
Three Steps to Revoke in Binance Web3 Wallet
Step 1: Disconnect DApp Sessions (Basic)
- Open APP → Web3 → Gear icon "Settings" top right.
- Click "Connected Sites" to view the session list.
- Swipe left or click "Disconnect" to remove individual or all sites.
Note: Disconnecting only terminates the current session communication and does not revoke on-chain token approvals; these are independent concepts.
Step 2: In-APP Token Approvals
Built-in tool launched in late 2025:
- Web3 → Security Center → Token Approvals.
- Select the chain to check (defaults to scanning BNB Chain, Ethereum, and Arbitrum).
- The list shows: Token Name / Approved Contract / Allowance / Last Used Time.
- Click risk items (unlimited approvals marked in red) → Revoke.
- Pay on-chain Gas (revocation itself is a transaction, approx. $0.5-5).
Step 3: Deep Cleaning via revoke.cash
Third-party tools cover more chains:
- Open revoke.cash in your browser.
- Click "Connect Wallet" → Binance Web3 Wallet.
- Select the chain (supports 90+ chains).
- After scanning, sort by risk level.
- Check the approvals to revoke; supports batching (same-chain batching saves 30% Gas).
Five Types of High-Risk Approvals You Must Revoke
| Authorization Type | Risk Level | Revocation Priority |
|---|---|---|
| ERC-20 unlimited approve | High | Immediate |
| NFT setApprovalForAll | Extremely High | Immediate |
| Permit2 unlimited | High | Immediate |
| Old Uniswap V2 Router | Medium | Within 30 days |
| Shutdown DApp approvals | Medium | Within 30 days |
| Specific limited approve | Low | No need |
Allowance Recommendations for Different Scenarios
DEX Trading
- One-time users: Use precise allowance, e.g., if swapping 500 USDT, approve only 500 instead of unlimited.
- High-frequency users: Authorize 10x planned trading volume (e.g., monthly 10k volume, authorize 100k) combined with quarterly revocation.
- Bots: Never use unlimited; dynamically approve before each trade.
NFT Marketplaces
OpenSea, Blur, etc., require setApprovalForAll(true), which authorizes the entire NFT collection. The risk is extremely high, so it is recommended to:
- Use a secondary wallet for high-value NFTs, only approving when selling.
- Revoke immediately after sale via setApprovalForAll(false).
- Proactively check all NFT contract approvals every 60 days.
Lending Protocols
Protocols like Aave/Venus need unlimited allowance for collateral; these are relatively safe (thoroughly audited), but it is still recommended to:
- Revoke after withdrawing from the protocol when not in use.
- Revoke old version authorizations when the protocol upgrades.
Revocation Gas Cost Comparison
| Chain | Single Revoke Gas | Batch of 10 |
|---|---|---|
| Ethereum Mainnet | $2-6 | $15-30 |
| BNB Chain | $0.1 | $0.5 |
| Arbitrum | $0.08 | $0.4 |
| Base | $0.04 | $0.2 |
| Polygon | $0.02 | $0.1 |
| Solana | $0.001 | $0.008 |
Conclusion: Ethereum mainnet revocation is expensive; it's recommended to batch 8-10 high-risk approvals together.
Recommended Scanning Frequencies
| User Type | Scanning Period | Focus |
|---|---|---|
| Casual Users (<5 monthly activities) | 90 days | Clear all old approvals |
| DeFi Users (20+ monthly activities) | 30 days | Keep active DApps, clean others |
| Airdrop Hunters (multi-address) | After every major action | Scan each address independently |
| NFT Traders | 14 days | Specifically watch setApprovalForAll |
| Cold Wallet | Once before and after funding | Ensure zero active approvals |
Verification After Revocation
- Scan again via revoke.cash to confirm the approval no longer appears.
- Check your wallet's Approval history tab on Etherscan; the latest record should be the revocation transaction.
- Security scores on DeBank/Zerion should increase.
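The check behind a scanner's list can be reproduced by hand from event logs. The following is an added example, not code from Binance or revoke.cash: it replays ERC-20 Approval and NFT ApprovalForAll logs in chain order and reports which approvals are still in force. The log dictionary layout (eth_getLogs-style fields), the function names and all addresses are assumptions constructed for illustration.

```python
MAX_UINT256 = 2**256 - 1
# Standard event signature hashes (topic0)
APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"          # Approval(address,address,uint256)
APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"  # ApprovalForAll(address,address,bool)

def _addr(topic):
    # Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def live_approvals(logs, owner):
    """Replay logs in chain order; return approvals of `owner` still in force."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # 4 topics means an ERC-721 per-token Approval, which is out of scope here.
        if len(t) != 3 or _addr(t[1]) != owner.lower():
            continue
        key = (log["address"].lower(), _addr(t[2]))
        value = int(log["data"], 16)
        if t[0] == APPROVAL:
            # Finite amounts are an upper bound: spending lowers the on-chain allowance.
            status = "unlimited" if value == MAX_UINT256 else value
        elif t[0] == APPROVAL_FOR_ALL:
            status = "all-nfts" if value else 0
        else:
            continue
        if status == 0:
            state.pop(key, None)  # approve(spender, 0) or setApprovalForAll(spender, false)
        else:
            state[key] = status
    return state

# Constructed sample data: placeholder addresses, not real contracts.
OWNER, TOKEN, ROUTER = "0x" + "11" * 20, "0x" + "aa" * 20, "0x" + "bb" * 20
OLD_DAPP, NFT, MARKET = "0x" + "ee" * 20, "0x" + "cc" * 20, "0x" + "dd" * 20

def _log(block, contract, topic0, spender, value):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"blockNumber": block, "logIndex": 0, "address": contract,
            "topics": [topic0, pad(OWNER), pad(spender)], "data": f"0x{value:064x}"}

SAMPLE_LOGS = [
    _log(100, TOKEN, APPROVAL, ROUTER, MAX_UINT256),   # unlimited approve
    _log(110, TOKEN, APPROVAL, OLD_DAPP, 500),         # exact-amount approve
    _log(120, NFT, APPROVAL_FOR_ALL, MARKET, 1),       # setApprovalForAll(true)
    _log(130, TOKEN, APPROVAL, OLD_DAPP, 0),           # revocation
]

if __name__ == "__main__":
    for (contract, spender), status in live_approvals(SAMPLE_LOGS, OWNER).items():
        print(contract, spender, status)
```

After a successful revocation the (contract, spender) pair drops out of the result, which is the same condition a rescan confirms.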
Frequently Asked Questions
Do I need a private key to revoke? No, you only need to connect your wallet and sign a transaction.
Can I still use the DApp after revoking? Yes, just re-approve the next time you trade.
Do all addresses need revoking? Only addresses that have actively initiated authorizations have records; brand new addresses don't need revocation.
How to revoke for hardware wallets? Same process; just confirm the transaction by pressing buttons on the hardware wallet.
Regularly revoking approvals should be muscle memory for Web3 users, just like changing passwords. Binance Web3 Wallet has integrated this operation within the APP, greatly lowering the barrier. We recommend opening the APP immediately to complete your first scan; you might be surprised to find dozens of forgotten authorizations from years ago in your wallet.