# Approval Phishing

> A scam where you sign a transaction that grants an attacker permission to move tokens out of your wallet.

Canonical URL: https://fudfomo.co/glossary/approval-phishing
Source: What The Block! Dictionary v1.0 (last updated 2026-04-25), browsable at https://wtb.fudfomo.co.

## Definition

Approval phishing tricks you into signing a token approval that gives a malicious contract permission to spend your tokens. Many wallets show approvals as harmless because they do not move funds immediately, but the permission can be used at any time later to drain your balance.

The defences are reading the permissions a wallet asks for, using tools that flag suspicious contracts, and revoking unused approvals regularly.

## Related terms

- [Phishing](https://fudfomo.co/glossary/phishing): A scam where attackers impersonate a trusted service to steal credentials or trick you into signing a bad transaction.
- [Smart Contract](https://fudfomo.co/glossary/smart-contract): A program that runs on a blockchain and does what it says, automatically.
- [Wallet](https://fudfomo.co/glossary/wallet): An app or device that holds the keys you need to spend and receive crypto.
- [DApp](https://fudfomo.co/glossary/dapp): A decentralised application. A web app whose backend logic runs on smart contracts.

## See the full catalogue

What The Block! covers more than 2,000 plain-English crypto terms, delivered as embeddable hover-state tooltips for crypto exchanges. https://wtb.fudfomo.co