What Is a Token Approval in a Cryptocurrency Wallet?
A pop-up asking to “approve” a token often gets clicked through quickly, treated like just another confirmation step. It’s actually a distinct action with its own lasting consequences, separate from the trade or transfer someone thinks they’re making.
The short answer
A token approval is a permission a wallet owner grants to a smart contract, allowing that contract to move a specified amount (sometimes an unlimited amount) of a particular token on the owner’s behalf without asking again each time. It’s a separate transaction from an actual transfer, and it exists because of how many token standards are built. Once granted, an approval typically remains active indefinitely, even after the original transaction it was meant for is complete, until it’s manually revoked.
Why approvals exist at all
Many blockchain networks use a token standard where the token itself lives in a separate smart contract from any app that wants to use it, whether that’s a decentralized exchange, a lending platform, or an NFT marketplace. For that app’s contract to move a user’s tokens, for example to complete a swap, the token’s contract needs to be told in advance that the app is allowed to do so. That’s what an approval transaction does: it updates a permission record inside the token’s own contract, saying “this app can move up to this amount of my tokens.”
Without an approval step, every single interaction would require a different, more cumbersome technical structure. Approvals were adopted as a workaround, but the workaround comes with its own tradeoffs.
Why approvals often outlive their purpose
- Approvals don’t expire on their own. Once granted, an approval generally stays active until the wallet owner sends a separate transaction to revoke or reduce it — there’s no automatic timeout in most cases.
- Many approvals request unlimited amounts. For convenience, apps often ask for approval to move an unlimited quantity of a token rather than just the amount needed for one transaction, so future interactions don’t require repeated approvals.
- Old approvals accumulate silently. A wallet used across many different apps over time can end up with dozens of standing approvals, most forgotten, some tied to apps no longer used or maintained.
This is closely related to why decentralized apps ask for wallet spending permissions in the first place, and to the general practice of checking which apps have permissions on a wallet periodically.
Approvals versus the transaction that uses them
It helps to think of an approval as separate from any transfer. Granting approval doesn’t move a single token by itself — it only authorizes a future transfer, up to the approved amount, whenever the approved contract chooses to execute it. That’s a meaningful distinction, because a malicious or compromised contract with a standing approval could later move tokens without any further action or confirmation from the wallet owner, up to the approved limit.
Why unused approvals are a real risk
If a smart contract a wallet previously approved is later found to have a bug, is exploited, or turns out to be malicious from the start, any standing approval tied to it becomes a live liability, not just a historical footnote. This is one of the more overlooked risks in DeFi and NFT activity: a wallet can be drained through an old approval even if the owner hasn’t interacted with that specific app in a long time. Reviewing and revoking unused approvals is a maintenance task with no equivalent in traditional finance, where permissions like this generally don’t persist indefinitely without renewal.
This risk sits alongside other forms of wallet exposure worth understanding, like what is leverage in DeFi trading, since both involve giving a smart contract more standing authority over funds than a one-time transaction would.
The takeaway
A token approval is a standing grant of permission, not a one-time transfer, and it doesn’t disappear when the transaction it was meant for is finished. Because crypto transactions are irreversible and there’s no institution to call if an old approval is misused, periodically reviewing and revoking unnecessary approvals is one of the more practical habits available for reducing wallet risk over time.