The reference glossary for the Blofin Academy security pillar: 45 terms covering wallets, keys, attack vectors, defenses, and recovery. Each definition is 1-3 sentences in plain language. The 2026 vocabulary includes attacks that were rare or non-existent in 2020 (signature phishing, wallet drainer, zero-value transfer, pig butchering); knowing the term is the first step to avoiding it.
What you'll learn
Foundational wallet terminology (A-F): wallet, address, seed phrase, cold storage
Core security terms (G-O): hardware wallet, KYC, OPSEC, mixing, multisig
Attack and threat terms (P-S): phishing, pig butchering, SIM swap, signature phishing
Recovery and procedural terms (T-Z): TOTP, transaction hash, vanity address, wrench attack
How to use this glossary
Read top-to-bottom on a first pass to build a vocabulary. Bookmark for lookup when you encounter a term in another guide. Most definitions link to a dedicated article in the Blofin Academy security pillar. The terms cover both the foundational concepts (wallet, address, seed phrase) and the 2026 attack vectors (signature phishing, wallet drainer, zero-value transfer). Both groups matter: the foundations explain how crypto works; the attack vectors explain what goes wrong.
For the broader pillar entry point, see what is a cryptocurrency wallet and what is self-custody.
Foundational wallet terms (A-F)
Core vocabulary that every crypto user encounters early: 2FA, addresses, BIP-32/39/44, cold storage, hardware wallets, ENS, fees. Mastering these terms is the entry point to safer self-custody.
2FA (Two-Factor Authentication)
A second verification step beyond your password when logging in. Authenticator apps (Google Authenticator, Authy) generate codes on your device. SMS-based 2FA sends codes by text. SMS is vulnerable to SIM swap; authenticator apps are not. See two-factor authentication for crypto.
Account abstraction
A newer Ethereum standard (ERC-4337) that turns accounts into smart contracts. Enables features like social recovery, gas sponsorship, and customizable transaction logic. The 2026 trend toward "smart wallets" runs on this standard.
Address (blockchain address)
The public string of characters that identifies a destination on a blockchain. People send crypto to your address. The address is derived from your public key by hashing and encoding. Bitcoin addresses look different from Ethereum addresses because each chain uses different rules. See what is a blockchain address.
Address poisoning
An attack where someone plants a lookalike address in your transaction history. The lookalike's first and last characters match an address you recently used. When you copy "the address you used last time," you copy the lookalike instead. See clipboard hijacking and address poisoning.
Air-gapped
Describes a device or wallet that has no internet connection. An air-gapped wallet signs transactions offline; transactions are transferred to a connected device by QR code or microSD card. Coldcard and some Keystone hardware wallets support air-gapped use.
Approval (token approval)
On EVM chains, an approval grants a smart contract permission to transfer tokens on your behalf. Legitimate uses include DEX swaps. Malicious approvals (signature phishing) let an attacker drain your tokens later. Audit approvals on Revoke.cash.
Authenticator app
An app that generates time-based one-time codes for 2FA. Google Authenticator, Authy, and similar tools generate codes on your device, not via SMS. Authenticator apps resist SIM swap attacks.
BIP-32 (Hierarchical Deterministic wallets)
The Bitcoin Improvement Proposal that defines how a single seed phrase generates an unlimited tree of keys and addresses. Modern wallets use BIP-32 to derive all your addresses from one backup.
BIP-39 (Mnemonic seed phrase)
The Bitcoin Improvement Proposal that defines the 12 or 24 word recovery phrase (source: BIP-39 specification). Most wallets use BIP-39, which is why seed phrases are interoperable across compatible wallet brands. See how to back up a seed phrase.
BIP-44
The standard for organizing addresses across different cryptocurrencies derived from the same seed phrase. Lets one seed manage Bitcoin, Ethereum, and other chains separately.
Clipper malware
Malware that monitors the clipboard and replaces crypto addresses you copy with the attacker's addresses. ClipXDaemon was a notable 2026 Linux variant. The original Clipboard Hijacker malware has attacked over 2.3 million Bitcoin addresses since 2017 (source: BleepingComputer: clipboard hijacker malware).
Cold storage / cold wallet
A wallet whose private keys are not connected to the internet. Hardware wallets, paper wallets, and air-gapped setups are forms of cold storage. Used for long-term holdings.
CoinJoin
A non-custodial mixing technique on Bitcoin where multiple users pool transactions to obscure the sender-receiver link. JoinMarket is now the main remaining decentralized implementation (source: JoinMarket project site); Wasabi's zkSNACKs CoinJoin coordinator shut down in June 2024 and Samourai was seized by the US DOJ in April 2024. See crypto privacy basics.
Custodial wallet
A wallet where a third party (exchange or service) holds the private keys for you. Blofin, Coinbase, and Binance exchange accounts are custodial. You hold an account; the custodian holds the keys.
Decoy wallet
A small-balance wallet you can hand over under duress to satisfy an attacker while your main wallet stays hidden. Used as a physical-security layer against wrench attacks. See physical security for crypto.
Derivation path
The specific path in the BIP-32 tree that produces a particular address. Different wallets use different default derivation paths, which is why a seed phrase sometimes generates different addresses on different wallets even when both support BIP-39.
Drainer (wallet drainer)
Automated software that uses approvals (signature phishing) or stolen seed phrases to drain crypto wallets. Wallet drainer kits are sold as scam-as-a-service. See crypto phishing attacks.
ENS (Ethereum Name Service)
A naming service that resolves human-readable names (like blofin.eth) to Ethereum addresses. ENS makes addresses easier to share and harder for clipboard malware to swap.
Fee (gas fee, sat/vB)
The cost of including a transaction in a block. Bitcoin fees are measured in satoshis per virtual byte (sat/vB). EVM chains use gas units multiplied by gas price (base fee plus priority fee since EIP-1559). See how to send and receive crypto.
FIDO2
A standard for hardware-key authentication. FIDO2 keys (YubiKey, SoloKey, Google Titan) provide phishing-resistant 2FA. Stronger than authenticator apps for high-value accounts.
From Blofin's support inbox, the single most common terminology confusion among new users is "wallet" vs "address" vs "seed phrase." A wallet is the software or hardware. An address is the public string you share. The seed phrase is the master backup that regenerates all the keys. The three terms describe different objects that connect through the same chain.
Core security terms (G-O)
The terms that distinguish custodial from self-custody, hot from cold, single-signature from multisig. KYC and OPSEC bracket the spectrum of how identifiable your wallet activity is to outsiders.
Hardware wallet
A dedicated physical device that holds private keys in a secure chip. The keys never leave the device. Hardware wallets sign transactions on their own screen, isolated from your computer. See hardware wallet guide.
HD wallet (Hierarchical Deterministic)
A wallet that generates many addresses from one seed phrase using BIP-32 derivation. Modern wallets are HD by default. One backup covers all addresses.
Hot wallet
A wallet connected to the internet. Mobile and desktop wallets are hot. Convenient for active use, but with a higher attack surface than cold storage. See software wallets guide.
KYC (Know Your Customer)
The identity verification regulated exchanges run before allowing deposits, withdrawals, or trading. Includes government ID upload, sometimes proof of address, sometimes proof of funds. KYC links your real identity to your wallet activity on the exchange.
Ledger
A major hardware wallet brand. Also used generically to mean "the blockchain itself" (Bitcoin is a public ledger). Context determines which meaning applies. Note: the company Ledger had data breaches in 2020 and January 2026 affecting customer contact info, not seed phrases.
Mixing (crypto mixing service)
Services that pool transactions from many users to obscure sender-receiver links. CoinJoin is the non-custodial form. Tornado Cash was the most prominent smart-contract mixer; it was sanctioned by the US Treasury in 2022, then fully delisted from the SDN list in March 2025 after the Fifth Circuit ruling on IEEPA statutory authority (source: US Treasury press release SB0057: Tornado Cash delisting). Criminal cases against the founders remain pending.
Mnemonic (mnemonic phrase, seed phrase)
The 12 or 24 word recovery phrase that backs up a wallet. Synonymous with seed phrase. BIP-39 standardized the word list.
Multisig (multi-signature)
A wallet that requires multiple signatures to move funds. A 2-of-3 multisig has three keys, any two of which must sign. Used for high-value holdings and team treasuries. See the Physical security entry above for the multisig coercion-resistance angle.
Non-custodial wallet
A wallet where you hold the private keys yourself. Hardware wallets, MetaMask, Trust Wallet, and Phantom are non-custodial. You control the keys, and you are also responsible for them.
OPSEC (operational security)
The discipline of not signaling that you hold crypto. Includes social media hygiene, separate email/phone for crypto accounts, data-broker opt-outs, and physical-address protection.
Attack and threat terms (P-S)
The 2026 attack vocabulary expanded faster than retail awareness. Signature phishing, wallet drainers, pig butchering, SIM swap, and social engineering each describe specific attack patterns with named tooling and known mitigations.
Paper wallet
A printout of a single private key and matching public address, used as cold storage in the 2011-2017 era. Deprecated in 2026; modern alternatives (hardware wallet + metal seed backup) are strictly better. See paper wallets guide.
Passphrase (BIP-39 passphrase, 25th word)
An extra word added to a BIP-39 seed phrase that creates a separate hidden wallet. Provides plausible-deniability protection during physical coercion. Combined with a decoy wallet, lets you hand over the visible seed without revealing the hidden balance.
Phishing
Any attack that tricks you into doing something that hands over funds or credentials. Credential phishing harvests email + password. Signature phishing harvests a transaction signature.
Pig butchering
A multi-month romance + investment scam where a stranger builds trust online, then introduces a "great investment" in crypto. Has extracted over $75 billion globally since 2020 (source: University of Texas / Crypto.com pig butchering study). See social engineering in crypto.
Private key
The secret 256-bit number that controls a crypto address. Anyone with the private key can sign transactions as the address owner. Wallets store the private key in encrypted form; you should not handle the raw key directly. See public keys vs private keys.
Public key
The cryptographic partner of the private key, derived from it through one-way math. The public key gets hashed and encoded to produce your address. Sharing the public key is safe; sharing the private key is not.
Recovery phrase
Synonymous with seed phrase or mnemonic. The 12 or 24 word backup that regenerates all the wallet's keys.
Revoke (token approval revoke)
Removing a previously-granted token approval on an EVM chain. Done via Revoke.cash or chain-native tools. Critical after a wallet compromise. See compromised wallet emergency steps.
RBF (Replace-by-Fee)
A Bitcoin feature that lets you replace a pending transaction with a higher-fee version, useful when the original is stuck in the mempool. Defined in BIP-125.
Seed phrase
The canonical recovery key for a wallet: 12 or 24 words from the BIP-39 word list. Anyone with the seed phrase has the wallet. Back it up properly and never type it into any connected device.
Signature phishing
A phishing attack where you sign a malicious transaction or token approval that drains your wallet. Distinct from credential phishing (which harvests passwords). The biggest single phishing category by dollar volume in 2026. Scam Sniffer tracked +207% growth in January 2026 alone (source: Scam Sniffer monthly phishing report).
SIM swap
An attack where someone convinces your phone carrier to transfer your number to a SIM they control. Used to intercept SMS-based 2FA and password reset codes. See SIM swap attacks.
Smart contract wallet
A wallet that lives as a smart contract on chain, not as a key pair. Enables features like social recovery, gas sponsorship, and customizable rules. ERC-4337 (account abstraction) standardizes this on Ethereum (source: ERC-4337 specification).
Social engineering
Manipulation of people rather than software. Includes phishing, pig butchering, fake support DMs, AI voice clones, authority impersonation, and recruitment scams.
From Blofin's compliance work, attack-vector terminology has expanded faster than user awareness in 2025-2026. The terms "signature phishing," "wallet drainer," "zero-value transfer," and "pig butchering" all describe attacks that did not exist or were rare in 2020. Knowing the term means knowing the threat exists, which is the first step to avoiding it.
Recovery and procedural terms (T-Z)
Procedural terms used in recovery and forensics: TOTP codes, transaction hashes, the UTXO model, vanity addresses, and the wrench attack reality of 2026 physical-security tradeoffs.
TOTP (Time-based One-Time Password)
The standard behind authenticator apps, defined in RFC 6238. Generates 6-digit codes that change every 30 seconds. Used by Google Authenticator, Authy, and most 2FA apps. Resistant to SIM swap; vulnerable to phishing of the current code.
Transaction hash (txid)
The unique identifier for a transaction on a blockchain. A long hex string. Used to look up transactions on block explorers (Etherscan, BscScan, mempool.space). The transaction hash is the primary evidence in scam reports.
UTXO (Unspent Transaction Output)
The Bitcoin model for tracking balances. Each transaction consumes UTXOs as inputs and creates new UTXOs as outputs. Your "Bitcoin balance" is the sum of all UTXOs your wallet controls. Different from Ethereum's account model. See address reuse privacy risks.
Vanity address
A custom-crafted address with specific characters at the start or end. Vanity addresses can be benign (a project wants its name in the address) or malicious (an attacker grinds a lookalike for address poisoning). The grinding uses GPU compute.
Wallet
The software or hardware that holds your crypto keys and signs transactions. Does NOT hold the coins themselves; coins live on the blockchain. The wallet holds the keys to your coins.
Wrench attack
A physical coercion attack against a crypto holder, named after xkcd #538 (the $5 wrench). CertiK tracked 34 verified incidents and $101M in confirmed losses across the first four months of 2026, with full-year projections of ~130. See the Physical security entry above for defensive layers.
Zero-value transfer
A $0 transaction sent from an attacker's lookalike address to your address, planting a poisoning entry in your transaction history. BSC alone saw over 100 million zero-value transfer attempts in early 2026 (source: CyLab arXiv: address-poisoning analysis on BSC). See the Address poisoning entry above.
zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge)
A cryptographic proof that something is true without revealing what or how. Used by Zcash for shielded transactions and by newer privacy chains (Aleo, Aztec, Penumbra). The math lets a transaction prove it is valid without exposing sender, recipient, or amount.
How this glossary fits the rest of the pillar
This glossary is the reference layer. The pillar's other articles cover each topic in depth. Use the glossary for quick lookup when you encounter an unfamiliar term in another guide; use the linked articles within each entry above for the procedural and analytical detail. The full pillar covers wallet selection, key management, setup, day-to-day use, security hygiene, threats, recovery, and privacy; each is linked from the relevant glossary entries above rather than re-linked here, to keep the index tight.
Researched and written by the Blofin Academy editorial team with AI-assisted drafting. Primary sources include the BIP-32, BIP-39, BIP-44, BIP-125 specifications, FIDO2/WebAuthn standard, ERC-4337 account abstraction specification, RFC 6238 TOTP standard, and the body of Blofin Academy security pillar articles that this glossary indexes. All facts independently checked against cited sources current as of May 2026.
This article is educational and does not constitute financial, legal, or technical advice. Crypto terminology evolves; some terms in this glossary will gain new meanings or be supplemented by newer concepts in future years. For the latest specific procedures, refer to the dedicated article linked under each term.
