What is Approval Hijacking?


Approval hijacking is an attack that exploits existing ERC-20 token approvals to drain funds — either by compromising the approved spender contract or by tricking the victim into granting approval to a malicious contract.

WHY IT MATTERS

When you approve a contract to spend your tokens, you're trusting that contract forever (or until you revoke). If that contract has an exploitable vulnerability, or if the admin key is compromised, the attacker can use the existing approval to drain your tokens without any further interaction.

The attack is particularly insidious because the victim doesn't need to take any action. They approved a legitimate contract months ago, forgot about it, and now an attacker is using that old approval to drain tokens. Infinite approvals are the primary enabler.

Agent wallets that interact with multiple DeFi protocols accumulate approvals rapidly. Each approval is a dormant vulnerability. If any approved contract is later compromised, all wallets with outstanding approvals are at risk.

HOW POLICYLAYER USES THIS

PolicyLayer restricts agent token approvals — preventing infinite approvals, limiting approved amounts to what's needed per transaction, and supporting automatic revocation after use. This minimizes the approval attack surface.

FREQUENTLY ASKED QUESTIONS

How do I check for existing approvals on my agent wallet?

Use Revoke.cash, Etherscan's token approval checker, or the Debank approval dashboard. These show all outstanding approvals, the approved amounts, and the spender contracts.

Should I revoke all unused approvals?

Yes, especially for inactive protocols. Each revocation costs a small gas fee, but it eliminates a potential attack vector. For agent wallets, build approval revocation into standard operating procedures.

Is Permit2 safer than standard approvals?

Yes. Permit2 adds built-in expiration to approvals, so old approvals automatically become invalid. It's a significant improvement over standard ERC-20 approvals that persist forever.
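The audit-and-revoke routine described above (enumerate outstanding approvals, flag the infinite ones, revoke what is unused, and reject oversized approvals before they are sent) can be built into an agent wallet's operating procedure with a few dozen lines. The following is an added example written for this page; it is not PolicyLayer's code and it does not talk to a node. It works offline on constructed log records shaped like eth_getLogs results, reduces them to the latest allowance per (token, spender), builds the approve(spender, 0) calldata that revokes an allowance, and applies a per-transaction approval policy to outgoing approve() calls. The owner, token and spender addresses and the sample logs are constructed; the Approval event topic and approve() selector are the standard ERC-20 values.

```python
"""Audit ERC-20 approvals and enforce a per-transaction approval policy.

Added example, not PolicyLayer's code. Runs offline on constructed logs;
in practice you would fetch Approval logs from a node and confirm each
allowance with an eth_call to allowance(owner, spender) before acting.
"""
from dataclasses import dataclass

# Standard ERC-20 constants (keccak256 of the signatures).
APPROVE_SELECTOR = "095ea7b3"  # approve(address,uint256)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UINT256_MAX = 2**256 - 1


@dataclass
class Approval:
    token: str
    spender: str
    amount: int
    block: int


def _topic_to_address(topic: str) -> str:
    # Indexed address topics are left-padded to 32 bytes; keep the last 20.
    return "0x" + topic[-40:].lower()


def _address_to_topic(addr: str) -> str:
    return "0x" + addr[2:].lower().rjust(64, "0")


def current_approvals(logs: list, owner: str) -> dict:
    """Reduce Approval(owner, spender, value) logs to the latest value per (token, spender).

    Approval events carry the new absolute allowance, so the most recent event
    per (token, spender) approximates the live allowance. Some tokens do not
    emit Approval when transferFrom consumes allowance, so treat this as a
    screening pass and confirm with allowance() on-chain.
    """
    latest = {}
    for lg in sorted(logs, key=lambda e: (e["blockNumber"], e["logIndex"])):
        topics = lg["topics"]
        if topics[0] != APPROVAL_TOPIC or _topic_to_address(topics[1]) != owner.lower():
            continue
        key = (lg["address"].lower(), _topic_to_address(topics[2]))
        latest[key] = Approval(key[0], key[1], int(lg["data"], 16), lg["blockNumber"])
    # Zero allowances are already revoked and need no action.
    return {k: v for k, v in latest.items() if v.amount > 0}


def flag_risky(approvals: dict, unlimited_threshold: int = 2**128) -> list:
    """Approvals that are effectively unlimited: the primary enabler of hijacking."""
    return [a for a in approvals.values() if a.amount >= unlimited_threshold]


def approve_calldata(spender: str, amount: int) -> str:
    """ABI-encode approve(address,uint256): selector + padded address + uint256."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + hex(amount)[2:].rjust(64, "0")


def revoke_calldata(spender: str) -> str:
    """approve(spender, 0) is the transaction that revokes an allowance."""
    return approve_calldata(spender, 0)


def decode_approve(calldata: str):
    """Decode approve(address,uint256) calldata into (spender, amount), else None."""
    data = calldata[2:] if calldata.startswith("0x") else calldata
    if len(data) != 8 + 64 + 64 or data[:8].lower() != APPROVE_SELECTOR:
        return None
    return "0x" + data[8 + 24:8 + 64].lower(), int(data[72:], 16)


def approval_policy(calldata: str, needed: int) -> tuple:
    """Per-transaction policy: no unlimited approvals, no more than this tx needs."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return True, "not an approve() call"
    spender, amount = decoded
    if amount == UINT256_MAX:
        return False, f"unlimited approval to {spender} rejected"
    if amount > needed:
        return False, f"approval {amount} exceeds per-tx need {needed}"
    return True, "approval within policy"


# Constructed sample data: one agent wallet, one token, two spenders.
OWNER = "0x" + "a1" * 20
TOKEN = "0x" + "c0" * 20
DEX = "0x" + "d1" * 20
LENDER = "0x" + "e2" * 20
SAMPLE_LOGS = [
    {"address": TOKEN, "blockNumber": 100, "logIndex": 3,          # infinite approval, never revoked
     "topics": [APPROVAL_TOPIC, _address_to_topic(OWNER), _address_to_topic(DEX)],
     "data": "0x" + hex(UINT256_MAX)[2:]},
    {"address": TOKEN, "blockNumber": 150, "logIndex": 0,          # bounded approval ...
     "topics": [APPROVAL_TOPIC, _address_to_topic(OWNER), _address_to_topic(LENDER)],
     "data": "0x" + hex(1000 * 10**18)[2:].rjust(64, "0")},
    {"address": TOKEN, "blockNumber": 160, "logIndex": 1,          # ... revoked after use
     "topics": [APPROVAL_TOPIC, _address_to_topic(OWNER), _address_to_topic(LENDER)],
     "data": "0x" + "0" * 64},
]

if __name__ == "__main__":
    live = current_approvals(SAMPLE_LOGS, OWNER)
    for a in flag_risky(live):
        print(f"unlimited approval on {a.token} to {a.spender}; revoke with {revoke_calldata(a.spender)}")
    print(approval_policy(approve_calldata(DEX, UINT256_MAX), needed=500))
    print(approval_policy(approve_calldata(DEX, 500), needed=500))
```

Run as a script it reports the one outstanding unlimited approval (the DEX spender; the LENDER allowance was set to zero later and drops out), prints the revocation calldata, and shows the policy rejecting an unlimited approve() while passing a bounded one. The threshold in flag_risky is deliberately far below 2^256-1 because many interfaces encode "unlimited" as any huge value rather than the exact maximum.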

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →