A

AMM (Automated Market Maker)

The dominant on-chain DEX mechanism. Uses pooled liquidity + a formula (e.g., Uniswap's x × y = k) instead of an order book — trades execute against the pool, not against a counterparty. Larger trades produce larger slippage.

approve

An ERC-20 mechanism. You authorize a smart contract to move up to a specified amount of one of your tokens at any future time. The single biggest loss vector for first-year users — phishing relies on tricking you into unlimited approves to malicious contracts. See swap tutorial / approve.

Address poisoning

Phishing pattern. Attacker generates a fake address matching the first/last few characters of your usual address, sends 0.001 USDC from it to plant it in your transaction history. Next time you copy from history, you may paste the wrong one.

B

BIP-39 / BIP-32 / BIP-44

Bitcoin Improvement Proposals. BIP-39 defines the wordlist + entropy-to-seed mapping; BIP-32 derives a hierarchical tree of private keys from a seed; BIP-44 standardizes paths across coins. Together: one 12/24-word seed restores every key on every chain a wallet supports.

BIP-39 passphrase / 13th word

An optional user-defined passphrase combined with the seed phrase. Even if the seed is stolen, without the passphrase the attacker can't access funds. Lose the passphrase and you can't either.

Blockaid

Wallet security extension / SDK that identifies malicious transactions and signatures. Now bundled by default in MetaMask.

C

CCTP (Cross-Chain Transfer Protocol)

Circle's official USDC cross-chain protocol. Burns USDC on the source, mints native USDC on the destination — destination is not a mirror token. The 2025–2026 default for large USDC bridges.

Clear Signing

Hardware wallet feature that displays the actual transaction content on the device screen (contract, function, parameters). Opposite is "Blind Signing" (only a hash shown). Always pick hardware with Clear Signing support.

D

DApp (Decentralized Application)

Application whose logic runs on smart contracts on a blockchain. Examples: Uniswap, Aave, OpenSea. You interact via a wallet, signing approves and transactions.

DEX (Decentralized Exchange)

An exchange without a custodian. Most DEXes are AMM-based (Uniswap, SushiSwap, Curve); some are order-book (dYdX, Vertex).

E

ERC-20 / ERC-721 / ERC-1155

Ethereum token standards. ERC-20 fungible (USDC/ETH); ERC-721 single NFT; ERC-1155 multi-token (game items). All three define approve-style mechanisms relevant to phishing defense.

EVM (Ethereum Virtual Machine)

Ethereum's bytecode VM. "EVM-compatible" chains (BSC, Polygon, Arbitrum, Base, X Layer) run the same bytecode, so contracts, wallets, and tools port across.

EIP-2612 / Permit

EIP introducing off-chain signature-based approve. Convenient but the fastest-growing phishing vector in 2025–2026. See phishing defense / pattern 2.

EIP-712

Structured-signature standard. Lets signatures carry fields (spender, value, deadline) rather than raw bytes. Permit phishing depends on it; wallet readability for EIP-712 remains poor.

ENS (Ethereum Name Service)

Maps 0x1234...abcd to name.eth. One effective defense against address poisoning.

G

Gas / Gas Price / Gas Limit

The three core concepts of execution fees. Gas = computational units; Gas Price = price per unit you pay; Gas Limit = max gas a single transaction can consume. Total fee = Gas Used × Gas Price.

Gas Token

The native asset used to pay gas on a chain. Ethereum / Arbitrum / Base / OP use ETH; BNB Chain uses BNB; Polygon uses MATIC; X Layer uses OKB; Solana uses SOL. Bridge a small amount alongside your main asset.

K

KYC (Know Your Customer)

Identity verification required by AML laws at centralized exchanges. Self-custody wallets don't require KYC.

L

L2 / Layer 2

A scaling layer on top of an L1 (e.g., Ethereum mainnet). Batches transactions for faster/cheaper UX, then commits back. Major L2s: Arbitrum, Optimism, Base, Polygon, zkSync, Linea, X Layer.

LayerZero

Cross-chain messaging protocol underpinning Stargate, deBridge, and others. Security model: oracle + relayer dual verification.

Lock-Mint

Legacy bridge mechanism. Source-chain assets locked, destination-chain mirrors minted. Risk: compromise of the bridge can mint mirrors out of thin air while real assets get drained. Wormhole 2022 and Multichain 2023 were lock-mint failures. Not recommended in 2026.

M

MEV (Maximal Extractable Value)

Value extracted by validators / miners by reordering, front-running, or sandwiching transactions in the mempool. Sandwich attacks are the most common form. Defenses: Flashbots Protect, MEV Blocker, tight slippage, split orders.

Mempool

Public waiting room for unconfirmed transactions on a chain. MEV bots monitor it.

Multisig

Wallet that requires N-of-M signatures to move funds. Gnosis Safe is the dominant implementation. Ronin Bridge 2022's $625M loss is the cautionary tale of "multisig where signers are highly correlated isn't multisig".

N

Nonce

Sequence number per address, increasing from 0. Two transactions sharing a nonce: only one succeeds. The mechanism behind cancellation / replacement.

P

Permit / Permit2

See EIP-2612. Permit2 is Uniswap's extended version that signs allowances for multiple tokens in one signature. The fastest-growing phishing vector in 2025–2026.

Private key

A 256-bit random number that is functionally the money. Anyone holding it can sign as the address. Never appears in cloud-connected files, photos, clipboards, or emails. See self-custody / private key.

R

revoke.cash

Open-source, free authorization manager. Scans your unrevoked approves across chains and lets you revoke them. Editorial recommendation: monthly. See swap / revoke.

Rollup / Optimistic / ZK

Two L2 families. Optimistic Rollups (Arbitrum / Optimism / Base) assume validity and run a 7-day challenge period for withdrawals. ZK Rollups (zkSync / Linea / X Layer) verify cryptographically; withdrawals settle in hours to a day.

S

Seed phrase (mnemonic)

The BIP-39-defined 12/24 English-word encoding of a wallet seed. Backup ≈ wallet backup. See self-custody / seed.

SetApprovalForAll

ERC-721 / ERC-1155 grant: authorizes an operator to move every NFT in a collection. The single most common NFT phishing vector. See phishing / pattern 1.

Slippage

The drift between quoted and executed price on a swap. Set a "slippage tolerance" = max acceptable drift; trades failing the bound are rejected. See swap / slippage.

Sandwich attack

An MEV bot front-runs your swap and tail-runs the other side to capture the price difference. Defense: private RPC (Flashbots Protect / MEV Blocker), tight slippage, split orders.

T

tx hash

The unique 64-character hex identifier of an on-chain transaction (0x-prefix). Look up any transaction on Etherscan / Arbiscan / OKLink etc. using its hash.

TVL (Total Value Locked)

Measure of capital locked in a DeFi protocol or chain ecosystem. DefiLlama is the de facto aggregator.

U

USDC / USDT

The two largest USD stablecoins. USDC issued by Circle (more regulated); USDT issued by Tether (wider liquidity, more compliance debate). The "cash equivalent" of on-chain.

USDC.e / mirrored USDC

Lock-mint legacy USDC variants on certain L2s (suffix .e or .b). Not Circle's native USDC; some dApps don't accept it. See bridge guide.

W

WalletConnect

Standard protocol connecting wallets to dApps. The QR-code scan flow you use to connect a mobile wallet to a desktop dApp.

X

X Layer

OKX's ZK Rollup L2 (mainnet April 2024). Based on Polygon CDK, OKB as gas. Deeply integrated with OKX exchange; withdrawals direct from OKX land in X Layer in seconds. See bridge / X Layer.

Z

ZK / Zero-Knowledge proof

Cryptography proving "I know X" without revealing X. ZK Rollups use ZK to compress L2 state changes into a succinct proof posted on L1.

---

Found an error? Suggestions for terms to add? Submit via the corrections page.