. 1 min read

How To Protect Your Tokens From DeFi Attacks

Disclosure: Crypto is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. By using this website, you agree to our terms and conditions. We may utilise affiliate links within our content, and receive commission.

If you’re a DeFi (decentralized finance) user, do you actually know who can access your tokens? Are you sure that the dapps (decentralized apps) and smart contracts you use can’t access an unlimited amount of your tokens? Most importantly, how can you check that?

Source: iStock/DNY59

Numerous dapps and their smart contracts require you to grant access to an unlimited amount of tokens. While it does help you to improve your user experience, one signature is enough for all future transactions.

This also means that buggy, untrustworthy, and exploitable contracts might drain your account at any time. At the same time, there is no such thing as expiring permission yet, one approval will leave your wallet open for good, and there is no easy way to remove it.

However, there are tools like Token Allowance Checker (TAC) or Approved.Zone that might help you to audit your allowances.

Created by Ethereum developer Michael Bauer, Token Allowance Checker is a tool that checks your complete Ethereum transaction history and looks for ERC-20 approvals. Then, it collects all ERC-20 token contracts, as well as spender all addresses approved by you in the past.

Alternatively, you can use Approved.Zone, which does precisely the same.

By presenting all token approvals, these tools allow you to edit or delete the allowance amounts and thus protect you from malicious dapps that could spend tokens without your consent.

DeFi is still a nascent sector and there are many risks associated with smart contract exploits, bugs, and hacks, so be sure to be safe rather than sorry.

Learn more:
DeFi Loses USD 140M in a Few Hours as bZx Suffers Another Exploit
What are These Flash Loans that Caused an Uproar in Cryptoverse?