Why Do Old Token Approvals Stay Active After an App Is No Longer Used?

Updated July 13, 2026 6 min read

Someone tries a new app once, connects their wallet, grants the permissions it asks for, and never opens it again. Months later, that forgotten app can still technically move funds from that wallet, simply because nothing ever told the permission to stop.

The short answer

Token approvals don’t expire on their own just because the app that requested them stops being used. A token approval is a standing instruction recorded on the blockchain that stays active indefinitely — through inactivity, an app shutting down, or even a change in ownership of that app — until the wallet holder takes a separate action to revoke it.

Why permissions work this way in the first place

Decentralized apps ask for wallet spending permissions so they can move tokens on a user’s behalf without requiring a manual approval for every single transaction, which makes routine activity like swaps or repeated interactions much smoother. To make that convenience work, many apps request a broad, ongoing approval rather than a one-time authorization, and that approval is written to the blockchain as a persistent instruction — not tied to how often the app is opened or whether it’s still being maintained.

What “still active” actually means

An approval sitting unused isn’t dormant in any functional sense — it’s a live instruction sitting on-chain, fully capable of being used the moment the right transaction is submitted with it. Nothing about a wallet’s activity, an app going offline, or the passage of time changes that fact. The approval only stops working once the wallet holder submits a transaction that specifically revokes it, which is itself a deliberate action rather than something that happens passively.

Why this becomes a real risk over time

Why this differs from other kinds of digital permissions

This is a meaningfully different model from, say, an API key with limited permissions that a platform can revoke centrally on a user’s behalf. On a blockchain, there’s no central authority who can revoke an approval for someone — only the wallet holder who granted it can undo it, using their own wallet to submit the revocation transaction, which typically requires paying a small network fee for the privilege of removing access that cost nothing extra to grant in the first place.

The takeaway

An old token approval doesn’t fade away with disuse — it sits active until someone deliberately revokes it, regardless of whether the app behind it is still running, abandoned, or compromised. Periodically reviewing which apps hold standing approvals is one of the more overlooked forms of basic wallet hygiene, precisely because nothing about the system prompts that review automatically.