Guide
Solana SPL Delegates: What They Are and How to Revoke Them
Solana token permissions work differently from Ethereum approvals. Learn what delegates are, when they are risky, and how to audit them before a drain.
Delegates are not ERC-20 approvals
On Ethereum, an ERC-20 approval (logged as an Approval event) lets a spender move tokens from your wallet. On Solana, permission is often stored on the token account itself: a delegate address authorized to transfer up to a set amount.
When delegates become dangerous
- You connected to an unaudited dApp and signed a delegate instruction
- The delegate address is unlabeled and holds authority over a large SPL balance
- Multiple token accounts delegate to the same unknown program wallet
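The following Python example is added here and is not part of the original guide or of any tool it names. It decodes the 165-byte base SPL Token account layout to read the delegate field, then ranks standing delegates by exposure and flags unlabeled or shared ones. The sample accounts are constructed (keys are repeated bytes, not real addresses) and `known_delegates` is a hypothetical allowlist you supply; Token-2022 accounts with extensions are longer than 165 bytes and are rejected.

```python
import struct
from collections import Counter

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58(raw: bytes) -> str:
    """Base58-encode a key the way Solana explorers display it."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def parse_token_account(data: bytes) -> dict:
    """Decode mint, owner, amount, delegate and delegated_amount (little-endian)."""
    if len(data) != 165:
        raise ValueError("expected a 165-byte base SPL Token account")
    amount, = struct.unpack_from("<Q", data, 64)
    tag, = struct.unpack_from("<I", data, 72)        # COption tag: 1 = delegate set
    delegated, = struct.unpack_from("<Q", data, 121)
    active = tag == 1
    return {"mint": b58(data[0:32]), "owner": b58(data[32:64]), "amount": amount,
            "delegate": b58(data[76:108]) if active else None,
            "delegated_amount": delegated if active else 0}

def audit(accounts, known_delegates):
    """Return accounts with a standing delegate, unlabeled and largest exposure first."""
    live = [p for p in map(parse_token_account, accounts) if p["delegate"]]
    shared = Counter(p["delegate"] for p in live)
    for p in live:
        # Movable right now; later deposits raise it up to delegated_amount.
        p["exposure"] = min(p["amount"], p["delegated_amount"])
        p["unlabeled"] = p["delegate"] not in known_delegates
        p["shared_with"] = shared[p["delegate"]]  # accounts pointing at this delegate
    return sorted(live, key=lambda p: (p["unlabeled"], p["exposure"]), reverse=True)

def make_account(mint, owner, amount, delegate=None, delegated=0) -> bytes:
    """Build constructed sample account data for the demo (state = initialized)."""
    d = struct.pack("<I32s", 1, delegate) if delegate else bytes(36)
    return (mint + owner + struct.pack("<Q", amount) + d + b"\x01"
            + bytes(12) + struct.pack("<Q", delegated) + bytes(36))

# Constructed sample: two accounts share one delegate, one has none.
OWNER = bytes([7]) * 32
SAMPLE = [
    make_account(bytes([1]) * 32, OWNER, 5_000_000, bytes([9]) * 32, 2**64 - 1),
    make_account(bytes([2]) * 32, OWNER, 900, bytes([9]) * 32, 900),
    make_account(bytes([3]) * 32, OWNER, 42),
]
```

Calling `audit(SAMPLE, set())` returns the two delegated accounts, with the 5,000,000-unit account first and `shared_with` set to 2 on both.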
How to revoke
- Phantom / Solflare: review connected apps and token permissions in wallet settings
- Solscan: open your wallet → Token Accounts tab → inspect the delegate column
- After a scare: run a Tracefunds approval audit ($10) for a risk-ranked delegate table with direct Solscan links
Prevention tone
An audit finds standing permissions — it does not prove you were hacked. Use it for triage and cleanup, not as a theft verdict.