What is an ERC-20 token approval?
An ERC-20 token approval authorizes a smart contract or another address to withdraw tokens from the address that sends the approval transaction. In most cases, the approval has to be granted before trading a token or depositing funds into a smart contract, for example when adding liquidity. Most protocols have users approve an infinite amount of tokens so they never need to approve the asset again, but this can be dangerous.
How can an ERC-20 token approval compromise my wallet?
Once an approval is granted, some smart contracts may be able to execute transactions without further approval or action from the wallet owner. Protocols like Zapper, Li.Fi, and others have all been targets of hacks that steal assets through token approvals. Another method scammers use is having users give a token approval to the scammer's address so the scammer can steal legitimate tokens later. MetaMask has created a helpful article on this topic for more visibility on the hundreds of airdrop scam tokens created to steal assets through token approvals.
How can I revoke these token approvals if my wallet has been compromised?
Here's a compiled list of tools to revoke token approvals in case your wallet is ever compromised by one.
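As an added example (not from the original page or from any of the tools it refers to), the Python below decodes the calldata of an ERC-20 `approve(address,uint256)` call so an infinite approval can be spotted before signing, and builds the matching revoke call, which is simply `approve` with an amount of zero. The spender address and the `needed` amount are constructed placeholders, and the function names are hypothetical.

```python
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1                      # the conventional "infinite" allowance


def build_approve(spender: str, amount: int) -> str:
    """ABI-encode approve(spender, amount) as 0x-prefixed calldata."""
    addr = bytes.fromhex(spender[2:] if spender.lower().startswith("0x") else spender)
    if len(addr) != 20 or not 0 <= amount <= MAX_UINT256:
        raise ValueError("need a 20-byte address and a uint256 amount")
    return "0x" + (APPROVE_SELECTOR + addr.rjust(32, b"\0") + amount.to_bytes(32, "big")).hex()


def build_revoke(spender: str) -> str:
    """Revoking is an approve() that sets the spender's allowance to zero."""
    return build_approve(spender, 0)


def decode_approve(calldata: str):
    """Return (spender, amount) from approve() calldata; ValueError otherwise."""
    data = bytes.fromhex(calldata[2:] if calldata.lower().startswith("0x") else calldata)
    if len(data) != 68 or data[:4] != APPROVE_SELECTOR:
        raise ValueError("not a well-formed approve(address,uint256) call")
    if any(data[4:16]):  # a 20-byte address is left-padded with 12 zero bytes
        raise ValueError("address word has non-zero padding")
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")


def review(calldata: str, needed: int) -> str:
    """Classify an approval against the amount the pending action needs."""
    _, amount = decode_approve(calldata)
    if amount == 0:
        return "revoke"
    if amount == MAX_UINT256:
        return "unlimited"
    return "excess" if amount > needed else "bounded"


if __name__ == "__main__":
    spender = "0x" + "ab" * 20  # constructed placeholder address
    for amt in (MAX_UINT256, 5_000, 1_000):
        print(review(build_approve(spender, amt), needed=1_000))
    print(build_revoke(spender))
```

The revoke calldata is sent to the token contract itself, from the wallet that granted the approval.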