A friend of mine was hacked recently from a phishing link.

We used revoke.cash to remove bad approvals, but it missed a few from lesser known contracts. I was able to quickly spin up pre-configured @stelo links to easily fill the gap without needing to walk them through onerous technical details. 

Nice job @scharf!

making data useful with AI. Previously built @stelo to keep you safe from phishing 
benscharfstein.twitter
https://nf.td/ben

Stelo keeps your NFTs safe from phishing. Download @ stelolabs.com

Building /bright-moments - minting onchain art IRL | /purple #15 | FID 129 #magikarp

Hey, could you share the details of the approvals that you believe Revoke missed? And how did you determine these approvals?

It shouldn't matter whether something is a "lesser known" contract, Revoke should catch them all. So the added details would be very helpful for me to investigate.

Those should still show up on Revoke. But this type of approvals "resets" when the NFT gets transferred, do you think that could be the case here, or were the affected NFTs still in the user's wallet when they tried revoking their approvals?

They were specific token Approvals that were set, instead of SetApprovalForAll. It happened for Meebits, World of Women, and the Art Blocks x Pace contracts.