Solana Freeze Authority: When to Keep It On
Revoking Solana freeze authority is not always the right call. Here is when to keep it, when to drop it, and what it does in a real exploit.

The loudest piece of advice in Solana token launches is also the laziest: revoke freeze authority on day one or the community will not trust you. For a pure memecoin that advice is fine. For anything else, it means tossing out the only emergency brake your token ever shipped with, in exchange for a tribal signal that plenty of exchanges and treasury managers no longer even look at. The real question is not yes or no. The real question is when, and for whose benefit.
What freeze authority actually does
Think of freeze authority as the kill switch on a bank account. When your token is created, the key to that kill switch goes into one specific person's pocket. That person can lock any holder's wallet at will. A locked wallet cannot send the token, receive the token, or burn it. The balance just sits there. The owner still owns the position on paper, but every move outward gets rejected. The same person can unlock the wallet again, so the kill switch flips both ways.
There is a quiet detail people miss. The kill switch works one wallet at a time, not on the token as a whole. If you want to stop one thief from running off with stolen tokens, you lock their wallet and the job is done in a single step. If you want to halt every transfer of your token at once, your only option is to lock every single holder individually, including the liquidity pool's wallet, which in practice freezes the market. Almost no serious project uses that broad path. The per-wallet path is the one that earns its keep.
Removing the kill switch permanently is a one-way decision. You mark the authority as none on the token, and there is no recovery. No multisig vote, no emergency clause, no foundation override. The same applies to the mint authority (the right to create new tokens) and the right to update the token's display info. The three powers are separate. They are removed independently. Plenty of teams confuse them in public comms.
Three real reasons to keep it
The first reason is exploit response. A bridge breaks, a price oracle misreads, a vault contract leaks. The attacker now holds a large position in your token and is racing to swap it on a market or move it to a centralized exchange. If the kill switch is yours, you lock the attacker's wallet and the position locks in place. You then have hours, sometimes days, to coordinate with exchanges and bridge teams before anything moves. Large stablecoins like USDC, USDT, and PYUSD all keep the kill switch on for exactly this reason and use it routinely when law enforcement asks.
The second reason is compliance. Real-world asset tokens, security tokens locked to specific jurisdictions, and KYC-gated airdrops sometimes require the issuer to act on sanctions lists or court orders. The kill switch is the only practical tool behind that legal duty. If your token has any of those properties, switching it off is not a neutral act. It can put you on the wrong side of the requirement that made the issuance legal in the first place.
The third reason is vesting enforcement. A team or investor allocation with a cliff date can be locked by the issuer up front so the recipient cannot trade until the cliff date arrives. Most serious projects use a dedicated vesting program for this, but on smaller launches the kill switch is a cheap way to enforce a lockup without writing extra contracts.
Three real reasons to revoke
The trust signal is the dominant reason memecoins burn the kill switch immediately. Community wallets check on a chain explorer whether the freeze authority field is empty. If it is not, the assumption is the team can lock everyone's bag on a whim, and that assumption kills the launch narrative before it even starts. For a token with no roadmap, no audit, and no compliance angle, there is nothing the kill switch can practically do for you that justifies the friction.
Exchange listing alignment is the second reason, and it is more conditional than people claim. Some listing teams treat a live kill switch as a hard blocker. Others read the design memo, see the reasoning, and move on. The honest answer is to ask the target exchange directly before assuming. The widespread "all centralized exchanges reject live freeze authority" claim is closer to folklore than reality, yet it is still true often enough that a token aiming for a fast listing should plan around it.
The third reason is taking yourself off the threat board. Every authority you hold is an attack surface. A key leak, an insider attack, a compromise of a software library you depend on: any of these can turn your own authority against you. Some teams revoke the kill switch the moment the operational need is gone, simply to take themselves out of the attacker's target list.
Decision matrix: four scenarios
The matrix below collapses most launches into one of four buckets. If you do not fit cleanly into any of them, treat the closest row as your default and document the deviation in your token's design memo.
| Project type | Default action | Trigger to act |
|---|---|---|
| Pure memecoin, no roadmap | Revoke on day one | Launch transaction itself; bundle with the new-token-creation revoke |
| Utility token, active dev team | Hold then revoke | Audit passes, treasury multisig hardens, no incidents in 60 to 180 days |
| RWA or jurisdiction restricted token | Keep indefinitely | Publish the reasoning in the token design memo |
| Stablecoin or institutional asset | Keep permanently | Industry standard; documented in issuer policy |
The 60 to 180 day window is editorial guidance, not protocol. Pick the trigger that actually matters for your project (audit complete, multisig live, first major listing behind you) and tie the revoke moment to that event, not to a calendar date.
What the kill switch does NOT do
It does not stop new tokens from being created. The right to create new tokens is a separate role on the same token, removed independently with its own step. A token can have the kill switch turned off while the right to create new tokens is still alive, or the reverse.
It does not change the total supply. Locked tokens still count in circulating supply. They sit in a held position and the ledger keeps counting them. If you want to remove supply you use the burn step, and a locked wallet cannot burn anything.
It does not affect graduated Pump.fun tokens. The Pump.fun launch flow turns the kill switch off at the moment of creation as part of its bonding curve design. By the time a Pump.fun token graduates to Raydium, the kill switch has been gone for the entire life of the token. Trying to revoke or freeze a graduated Pump.fun token does nothing at all.
Freeze, unfreeze, and revoke on j.tools
Three separate operations, three separate tools, because the failure modes differ enough that lumping them together invites accidents. Use freeze a single token account when you need to lock one wallet. Fee is 0.01 SOL, sign with your kill switch key, point at the holder's account, the transaction lands and the position locks. Use thaw a previously frozen account for the inverse. Same key, same fee, the wallet unlocks.
The one-way operation is revoke freeze authority permanently. Fee 0.1 SOL. After this transaction lands there is no path back. If you want a single click that removes the right to create new tokens, the kill switch, and the right to update display info all at once, the make-immutable tool handles all three in one transaction for 0.2 SOL. Most teams should still do the three revocations separately so they can stage each one around a different operational milestone.
To verify the on-chain result after any of these, use read the current freeze authority state with the token snapshot reader. The snapshot pulls the token's record directly and shows the kill switch field as either a wallet address or "none", no chain explorer tab juggling required. To inspect where the kill switch was first assigned, look at how the token creator sets the initial authorities at launch time.
Common mistakes
- Revoking the kill switch on day one because the last popular launch did. Match the decision to the project, not to whichever memecoin trended last week.
- Holding the kill switch key on a single hot wallet. If you keep the authority alive, you keep it behind a multisig. No exceptions.
- Confusing the kill switch with the right to create new tokens in public comms. They are independent. A token can be inflation-safe (new-token creation revoked) and still hold the kill switch, or the reverse.
- Believing the kill switch locks the token globally. It locks wallets one at a time. Mass locks are slow, public, and politically costly.
- Trying to revoke the kill switch on a graduated Pump.fun token. Pump.fun's design already turned it off. There is nothing left to revoke.
Not every token should keep the kill switch on, and removing it is not always a tribal mistake. The choice is operational. Look at your project's threat model, its compliance posture, its launch narrative, and the maturity of your treasury operations. Decide deliberately, document the reasoning where holders can read it, and revisit the decision when the project crosses a real milestone. For practical setup steps the launch playbook guides walk through the actual sequence, and the Solana tag archive collects the broader security writeups.
What does revoking freeze authority mean?
Revoking freeze authority means you permanently hand back the kill switch so nobody can ever use it again, not even you. On-chain, the token's mint account carries a freeze authority field. While that field holds a wallet address, the holder of that key can lock or unlock any account that owns the token. Revoking sets the field to none. Once it reads none, the freeze power is gone for the life of the token, with no multisig, foundation, or upgrade path that can restore it.
One point trips people up: revoking the freeze authority does not touch your tokens, your supply, or your liquidity. It only retires one of the three control roles a Solana token ships with. The right to create new tokens and the right to update the token's display info are separate fields, and each is revoked on its own. You can drop the freeze power and still hold the other two, or the reverse.
How to revoke freeze authority on Solana (and when not to)
The mechanics take one transaction. The judgement call before it is the part that matters.
- Confirm you actually hold the authority. Read the token's current state first, so you are not signing against a field that is already none. The Holder Snapshot + Analytics reader shows the freeze field as either a wallet address or none.
- Check it against your scenario. If your token is a memecoin with no compliance angle, revoking is the clean call. If it is a real-world asset, a jurisdiction-restricted token, or anything where an issuer may be ordered to act, do not revoke, the field is the only tool behind that duty.
- Sign the one-way transaction. Open the Revoke Freeze tool, connect the wallet that currently holds the freeze authority, and approve. Browser-side signing only, your key never leaves your wallet. The live fee is shown on the tool page before you confirm.
- Verify the result. Re-read the snapshot. The freeze field should now read none. That empty field is exactly what a buyer's chain-explorer check looks for.
There is no undo. If you might still need exploit response, vesting enforcement, or a compliance lock, keep the authority and document the reasoning instead of revoking on reflex.
Planning a fresh launch rather than editing a live token? Set the authorities deliberately at creation time with the Token Creator, then stage each revoke around its own milestone afterward.
Freeze authority FAQ
Is it safe to keep freeze authority?
Keeping it is safe when the power sits on a hardened key, ideally a treasury multisig, and the team has a real reason to hold it. The risk is not the field itself, it is a single hot key that can be leaked or compromised and then turned against your own holders. Large stablecoins keep freeze authority on permanently because their custody and policy controls make holding it safer than dropping it.
Do buyers trust tokens with active freeze authority?
For pure memecoins, an active freeze field is read as a red flag and can stall a launch on its own. For utility tokens, real-world assets, and compliance-bound issuances, informed buyers read the design memo instead of the field in isolation. The signal cuts hard for memecoins and softly, sometimes not at all, for projects that explain why the authority exists.
Can I revoke freeze authority later?
Yes. Nothing forces the decision at launch. Many teams hold the authority through audit and the first major listing, then revoke once the operational need is gone. The reverse never works: once the field reads none, you cannot recreate the power, so later is always an option but undoing a revoke is not.


