DeFi Glossary
66 terms every finance professional needs to know, defined in plain English with no jargon assumed.
Most DeFi glossaries are written for developers or by enthusiasts who have forgotten what it felt like to encounter these concepts for the first time. This one is written for finance professionals: people who understand interest rate risk, collateral management, and counterparty exposure, but who need the blockchain vocabulary to operate fluently in conversations where these concepts increasingly show up. Each definition starts from first principles and notes where the standard finance analogy breaks down, because those fracture points are where the real risk concentrates.
66 terms, updated regularly. See the full interactive DeFi course at defi-primer.omarmoonis.com.
A
- Airdrop
- A distribution of free tokens to wallet addresses, typically as a reward for early protocol use, community participation, or as a marketing mechanism. Most airdrops are taxable events in most jurisdictions, which catches recipients off-guard when the token subsequently loses value but the tax liability was fixed at receipt.
- AMM
- Automated Market Maker. A smart contract that prices and executes trades against a pooled liquidity reserve, using a formula like x·y=k instead of an order book. The formula ensures there is always a price, but the price worsens as trade size increases relative to pool depth. Explore AMMs interactively at the DeFi Primer.
- APY
- Annual Percentage Yield. The return you would earn over a year, including compounding. DeFi APYs change continuously as utilization shifts, which makes headline rates poor predictors of actual returns. Compare DeFi APYs against TradFi benchmarks with the DeFi Yield Calculator.
- Audit
- A formal review of a protocol's smart-contract code by a third party. Reduces but does not eliminate risk: every major exploit covered in these definitions happened to audited code. An audit is a point-in-time snapshot, not a continuous guarantee.
- AVS
- Actively Validated Service. A service (oracle, bridge, data availability layer) that borrows cryptoeconomic security from restakers in exchange for paying fees and accepting slashing rules. The more AVSs a restaker opts into, the more slashing surfaces they are exposed to simultaneously. See: Restaking risk and the KelpDAO incident.
B
- Blockchain
- A distributed ledger maintained by a network of independent nodes, where transactions are grouped into blocks and linked cryptographically. No single party controls it: that is both its security property and its governance challenge. Immutability means errors, exploits, and theft cannot be reversed by any authority.
- Bridge
- Infrastructure that lets assets or messages move between chains. Trust assumptions vary widely: some bridges rely on trusted validators, others on cryptographic proofs. Bridges have historically been the highest-loss category in DeFi, accounting for a disproportionate share of total protocol losses. See: Cross-Chain Bridges: The CDOs of DeFi.
C
- CEX
- Centralized Exchange. A custodial trading platform that holds user funds and runs an off-chain order book. Counterparty risk is the primary concern: the exchange can be hacked, mismanaged, or fraudulent. FTX demonstrated that "reputable" is not a substitute for segregated custody.
- CLMM
- Concentrated Liquidity Market Maker. An AMM variant where liquidity providers choose a specific price range, improving capital efficiency at the cost of more active management. If the price moves outside a position's range, the LP earns no fees and holds only the underperforming asset.
- Cold Wallet
- A wallet whose keys are stored offline, typically on a hardware device or air-gapped machine. Slower to use, harder to compromise remotely. The appropriate storage mechanism for assets not needed for frequent transactions. See the full self-custody risk framework at self-custody.omarmoonis.com.
- Collateral
- Assets pledged to secure a loan. In DeFi lending, collateral is locked in a smart contract and automatically liquidated if its value drops below a threshold, with no discretion and no warning period. Overcollateralisation is the norm because DeFi cannot assess creditworthiness or enforce legal recourse.
- Composability
- The property that lets DeFi protocols be combined like building blocks: a loan in one protocol used as collateral in another, which feeds yield into a third. Creates capital efficiency and systemic contagion risk simultaneously. When one layer in a composable stack fails, cascading liquidations across dependent protocols can follow within the same block.
- Custody
- Control over the private keys that authorize transactions on a blockchain. Self-custody means you hold the keys; exchange custody means a third party does. Neither is without risk: self-custody concentrates operational and key-management risk on the holder, while exchange custody introduces counterparty and regulatory risk. Full institutional framework at self-custody.omarmoonis.com.
D
- DAO
- Decentralized Autonomous Organization. A governance structure where token holders vote on protocol decisions. On-chain DAOs can have execution delays (timelocks); many do not. Token-weighted voting means large holders dominate decisions, which concentrates governance risk in a structure that looks decentralized but often is not.
- DeFi
- Decentralized Finance. Financial services (lending, trading, yield generation) built on public blockchains and executed by smart contracts, with no central intermediary controlling access or holding assets. The absence of a central gatekeeper is the feature; the absence of recourse when something goes wrong is the corresponding risk. The DeFi Primer covers the full landscape interactively.
- DEX
- Decentralized Exchange. Trades execute on-chain against either pooled liquidity (AMM) or an order book, without a central custodian. Non-custodial: your assets never leave your wallet until the trade executes. Trade-off: no fraud protection, no KYC, and smart-contract risk in every swap.
- DPRK
- Democratic People's Republic of Korea. State-sponsored hacking groups (Lazarus, TraderTraitor) attributed to DPRK have stolen over $6 billion in crypto since 2022, primarily via social engineering, including the approximately $1.5 billion Bybit theft (2025) and the $285M Drift exploit (2026). Sources: Chainalysis 2025 Crypto Crime Report; TRM Labs North Korea threat assessment. A geopolitical risk category that most traditional risk frameworks do not adequately capture.
- DSR
- Dai Savings Rate. The rate Maker/Sky pays for locking DAI in the protocol. Functions as a sovereign-rate analog for the stablecoin: when the DSR rises above money market rates, it attracts inflows that tighten DAI supply and support the peg.
- DVN
- Decentralized Verifier Network. LayerZero's configurable signing set: messages require attestation from a chosen DVN configuration. Protocol teams select their own DVN set, which means security is only as strong as the weakest DVN in that configuration.
E
- EVM
- Ethereum Virtual Machine. The computation engine that executes smart contracts on Ethereum and EVM-compatible chains (Polygon, Arbitrum, Base, and others). EVM compatibility is why code written for Ethereum runs on dozens of other networks with minimal modification, which both accelerates deployment and propagates vulnerabilities across chains simultaneously.
F
- Flash Loan
- An uncollateralized loan that must be borrowed and repaid in the same transaction. Legitimate uses include arbitrage and collateral swaps. The exploit use case is more significant: flash loans let anyone access tens of millions of dollars for the cost of a single transaction, enabling price oracle manipulation and governance attacks that would otherwise require massive capital. See: DeFi: United We Stand.
G
- Gas
- The unit of computational work on Ethereum. Users pay gas fees in ETH; validators collect them. High gas correlates with network congestion. Layer 2 networks reduce gas costs by orders of magnitude by batching transactions and settling proofs to the base layer rather than executing every transaction on it.
- Governance Token
- A token conferring voting rights on protocol parameters. Value depends on whether governance controls meaningful revenue or risk. Many governance tokens control neither: the team retains veto power via multisig, and the protocol generates no fee revenue to distribute. Assess what governance actually controls before treating it as a value driver.
H
- Hardware Wallet
- A physical device that stores private keys offline and signs transactions without exposing keys to an internet-connected machine. The strongest practical defense against remote theft of self-custodied assets. Supply chain risk (buying second-hand or from unofficial resellers) is a real attack vector: always buy from the manufacturer directly.
- Hot Wallet
- A wallet whose private keys are stored on an internet-connected device (browser extension, mobile app, exchange interface). Convenient but exposed to remote compromise. Appropriate for frequent transactions with small amounts. Not appropriate for storing significant value. The operational equivalent of carrying cash in your pocket rather than keeping it in a safe.
I
- Impermanent Loss
- The relative loss an LP takes versus simply holding the two assets, caused by price divergence between them. Not loss versus cash: loss versus the buy-and-hold alternative. "Impermanent" is a misleading label: the loss becomes permanent if the LP withdraws before prices revert. The higher the correlation between the two assets, the lower the impermanent loss risk.
K
- KYC/AML
- Know Your Customer and Anti-Money Laundering. Regulatory requirements under which financial institutions must verify customer identity and monitor transactions for suspicious activity. Most CEXs are subject to KYC/AML obligations; most DeFi protocols are not. Under FATF guidance, VASPs must collect and retain originator and beneficiary data when transacting with self-hosted wallets, even though there is no counterpart VASP to transmit to — tightening the compliance perimeter around unhosted wallets without fully closing it. Source: FATF Best Practices on Travel Rule Supervision (June 2025). The boundary between regulated and unregulated is where most compliance risk currently concentrates.
L
- Layer 1
- A base blockchain network that maintains its own consensus and security: Ethereum, Bitcoin, Solana, and others. All Layer 2 networks ultimately derive their security from an underlying Layer 1. The security, decentralization, and throughput trade-offs baked into a Layer 1 cannot be fully escaped by the Layer 2 networks built on top of it.
- Layer 2
- A scaling solution built on top of a base chain (Layer 1) that posts data or proofs back to it for security. Rollups are the dominant L2 architecture: they reduce fees while inheriting Ethereum's security. The sequencer running most L2s is still centralized, which creates a censorship assumption most users overlook. See: Why blockchain infrastructure matters for AI.
- Liquidation
- Forced closure of an undercollateralized borrowing position. Liquidators repay debt at a discount; the borrower loses collateral above their loan value. DeFi liquidations happen automatically by smart contract, with no discretion and no margin call. In volatile markets, cascading liquidations across correlated positions can accelerate price moves dramatically.
- LP
- Liquidity Provider. A user who deposits assets into an AMM pool in exchange for a share of trading fees. LPs bear impermanent loss risk, smart-contract risk, and the risk of the protocol itself being exploited. Fee income must exceed impermanent loss plus the opportunity cost of alternative deployments to be economically rational.
- LRT
- Liquid Restaking Token. An LST that has been deposited into a restaking protocol, paying staking and restaking rewards but inheriting restaking risks including slashing from multiple AVSs simultaneously. The KelpDAO incident (April 2026, $292M, per Chainalysis and CoinDesk) illustrated how LRT architecture can amplify a single exploit into system-wide losses. See: Gone in 46 Minutes.
- LST
- Liquid Staking Token. A token representing staked ETH (or SOL, etc.) that remains transferable and usable in DeFi while continuing to earn staking yield. Solves the illiquidity problem of native staking, at the cost of adding smart-contract risk and a dependency on the liquid staking protocol maintaining its peg to the underlying asset.
M
- MEV
- Maximal Extractable Value. Value that can be extracted by ordering, including, or censoring transactions within a block. Sources include arbitrage, liquidations, and sandwich attacks. MEV is a structural feature of public blockchains, not a bug: any system where transaction ordering is controlled by someone will generate ordering rents. The question is who captures them.
- Multisig
- A wallet requiring N-of-M signatures to authorize transactions. Structurally stronger than a single key, but only as safe as the signing process. The Bybit theft (2025, approximately $1.5 billion per FBI/IC3) targeted the user interface rather than the cryptography: attackers injected malicious JavaScript into Safe{Wallet}'s frontend, causing signers to approve a manipulated transaction payload while the display appeared legitimate. Sources: NCC Group technical analysis; Cyfrin post-mortem. Hardware is not the weak link; humans are.
N
- NFT
- Non-Fungible Token. A token representing unique ownership of a digital or physical asset, recorded on a blockchain. Unlike fungible tokens (where one unit equals another), each NFT is distinct. Ownership of the token does not necessarily confer rights to the underlying asset: the legal relationship between NFT ownership and real-world rights remains largely untested in most jurisdictions.
O
- Oracle
- A service that brings off-chain data (prices, events) on-chain. Many DeFi exploits originate in oracle manipulation rather than contract bugs: if an attacker can move a price feed, they can trigger artificial liquidations or drain lending protocols. Price oracles sourced from thin on-chain liquidity are particularly vulnerable to flash loan manipulation.
P
- Perp
- Perpetual future. A derivative with no expiry; funding payments between longs and shorts keep its price tethered to the spot reference. The dominant trading instrument on DeFi derivatives platforms. Funding rates can become significantly negative during sustained bear markets, creating a carry cost that erodes leveraged long positions.
- Permissionless
- Open to any participant without requiring approval. The defining property of public DeFi: anyone can deploy a contract, add liquidity, or borrow. This also means anyone can deploy malicious code, create fraudulent tokens, or drain a protocol with no prior relationship required. Permissionlessness is not a neutral property: it shapes the risk profile of everything built on top of it.
- Private Key
- A cryptographic secret that authorizes transactions from a blockchain address. Whoever holds the private key controls the funds, with no password reset, no fraud team to call, and no way to reverse an unauthorized transaction. Private key compromise accounts for the majority of individual theft losses in DeFi. See the full risk framework at self-custody.omarmoonis.com.
- Proof of Stake
- A consensus mechanism where validators are selected to produce blocks in proportion to the cryptocurrency they have staked as collateral. Ethereum has used Proof of Stake since The Merge (2022). Energy-efficient relative to Proof of Work, but introduces validator collusion risk, liquid staking concentration risk, and slashing mechanics that are unfamiliar to most traditional finance risk frameworks.
- Proof of Work
- The original Bitcoin consensus mechanism, where miners compete to solve computationally intensive puzzles to validate blocks. Energy-intensive by design: the energy expenditure is the security model. Replacing the work with cheaper computation would collapse the cost of attacking the network. Still used by Bitcoin; largely abandoned by other major networks in favour of Proof of Stake.
R
- Relayer
- An off-chain service that collects signed transactions or messages from users and submits them to a blockchain on their behalf. In DEX protocols, relayers host order books and match trades off-chain before settling on-chain. In cross-chain bridges, relayers listen for events on one network and deliver the corresponding proof to another, acting as the messenger layer between chains. Relayer reliability is a key risk factor in bridge security: a compromised relayer can stall or manipulate cross-chain transfers. See: Cross-Chain Bridges: The CDOs of DeFi.
- Restaking
- Reusing staked ETH as security for additional services (AVSs). Compounds yield and compounds slashing surface area in equal measure. A validator opting into multiple AVSs can be slashed by any of them simultaneously. The yield premium over vanilla staking reflects this additional risk, though the market was slow to price it correctly before the first restaking incidents. See: Gone in 46 Minutes.
- Rollup
- A Layer 2 that executes transactions off-chain and posts compressed data (and optionally validity proofs) to Ethereum. Optimistic rollups use fraud proofs and have a 7-day withdrawal delay; ZK rollups use validity proofs and can finalize faster. Both reduce fees by 10-100x while relying on Ethereum for ultimate security. See: No Blockchain, No AI.
- RWA
- Real World Asset. Traditional financial assets (Treasury bonds, private credit, real estate) tokenized and brought on-chain. The fastest-growing DeFi category in 2024-2025, bridging institutional finance and blockchain settlement. The on-chain token is only as good as the legal structure backing it: tokenization does not eliminate counterparty risk, it relocates it to the issuer and the legal jurisdiction governing redemption. See: The OCC bank charter signal.
S
- Sandwich Attack
- An MEV strategy where a bot places one transaction just before and one just after a victim's trade, profiting from the price move the victim's order creates. Most visible on illiquid pairs with high slippage tolerance. Setting a tight slippage limit is the primary user defense, at the cost of more frequent transaction failures during volatile periods.
- Seed Phrase
- A 12 or 24-word sequence that encodes a wallet's private key in human-readable form. Anyone who knows your seed phrase controls your wallet permanently. Seed phrases should never be stored digitally, photographed, entered into any website or app, or shared with any person under any circumstances. The most common self-custody loss vector after direct key theft.
- Sequencer
- The centralized entity that orders transactions on most optimistic rollups and ZK rollups. A sequencer can delay or censor transactions, creating a trust assumption the base chain does not have. Most L2s are working toward decentralized sequencers, but as of 2025 most production sequencers are still operated by a single entity.
- Slashing
- Programmatic confiscation of a validator's stake for protocol violations (double signing, downtime beyond thresholds). Restakers can be slashed by any AVS they opt into, compounding the risk surface. Unlike a fine or penalty in TradFi, slashing is automated, immediate, and irreversible.
- Slippage
- The difference between the expected and executed price of a trade. Higher on illiquid pairs or large orders. AMM slippage is deterministic from pool depth; order-book slippage depends on market conditions at execution time. Setting slippage tolerance too high invites sandwich attacks; setting it too low causes frequent failed transactions.
- Smart Contract
- Self-executing code deployed on a blockchain. Once deployed, runs deterministically on every node. Cannot be stopped, altered, or appealed: the code is the law. Bugs in smart contracts cannot be patched without migrating to a new contract. Every DeFi protocol is a stack of smart contracts, which means protocol risk is fundamentally code risk. See: Cross-Chain Bridges: The CDOs of DeFi.
- Stablecoin
- A token designed to track a reference price, usually $1. Backed by fiat reserves (USDC, USDT), crypto collateral (DAI), or algorithmic mechanisms (varying success: see UST/Luna, 2022). Reserve quality, redemption rights, and issuer jurisdiction determine the real risk profile: not all $1 stablecoins are equal. Explore stablecoin mechanics at the DeFi Primer.
- Staking
- Locking cryptocurrency in a network's consensus mechanism (Proof of Stake) to earn rewards for validating transactions. Also used loosely in DeFi to mean depositing tokens in a protocol for yield, which is structurally different: protocol staking does not secure a blockchain and carries full smart-contract risk alongside the yield. The two uses of the word describe fundamentally different risk profiles.
T
- Timelock
- A governance delay between a proposal passing and its on-chain execution. The single cheapest security measure a protocol can add: it gives users time to exit before a harmful governance change takes effect. A protocol with no timelock can have its parameters changed in a single block, with no warning and no recourse.
- Token
- A digital asset issued on a blockchain. Tokens can represent ownership, governance rights, utility, claims on underlying assets, or nothing at all. All tokens carry issuer risk; few have the legal protections of regulated securities. The word describes a technical structure, not a legal classification: the same token can be a security in one jurisdiction and a commodity in another.
- TradFi
- Traditional Finance. The incumbent financial system: banks, asset managers, exchanges, and regulators operating under established legal and regulatory frameworks. DeFi's structural foil and, increasingly, its counterparty. The TradFi-to-DeFi transition is the analytical lens most of the content on this site is built around. See: Are We in 1996 Again?
- TVL
- Total Value Locked. The aggregate dollar value of assets deposited into a protocol. A scale metric, not a quality metric: high TVL does not imply security, sustainability, or legitimate use. TVL figures can be inflated by circular deposits where the same assets are counted multiple times across composable protocols.
V
- Validator
- A node that proposes and attests to new blocks in a proof-of-stake network. Requires staking capital; misbehaviour triggers slashing. On Ethereum, running a validator requires a minimum of 32 ETH; the Pectra upgrade (May 2025) raised the maximum effective balance to 2,048 ETH, enabling validator consolidation. Validator concentration among large staking pools is an ongoing decentralization concern.
- Vault
- A managed strategy contract that pools user deposits and runs a specific yield-seeking program (leveraged staking, automated LP management, etc.). Adds operational convenience but also adds one more smart-contract layer between the user and their capital. Strategy risk, manager risk, and contract risk all stack on top of each other in vault architectures.
- veTokenomics
- Vote-escrow token model. Users lock tokens for a period of time to receive voting power and often boosted yield. Locks in illiquidity in exchange for governance influence. Popularized by Curve (veCRV). Creates long-term alignment incentives but also creates secondary markets for governance influence (bribes) that the model's designers did not fully anticipate.
W
- Wallet
- Software or hardware that manages the private keys controlling a blockchain address. A wallet does not store tokens: tokens live on-chain. It stores the keys that prove ownership. The word "wallet" implies a container, which is technically misleading: losing your wallet does not mean you lost your assets, but losing your keys does.
- Wrapped Token
- A tokenized representation of an asset from another chain or context. WBTC is Bitcoin wrapped on Ethereum; wETH is ETH wrapped as an ERC-20. Adds a redemption trust assumption: the wrapped token is only as good as the custodian or bridge holding the underlying asset. WBTC's custodian change controversy (2024) illustrated how wrapper governance can become a risk in itself.
Y
- Yield
- The return paid to capital. In DeFi, sources include trading fees, interest, staking rewards, points, and token incentives. Separating real yield (fees and interest from genuine economic activity) from subsidized yield (token emissions that dilute existing holders to pay new ones) is the central analytical task in any DeFi allocation decision. Use the DeFi Yield Calculator to compare against TradFi benchmarks.
- Yield Aggregator
- A protocol that automatically routes and compounds yield across multiple strategies on behalf of depositors. Adds operational convenience but also adds one more smart-contract layer between the user and their capital. The convenience premium must be weighed against the additional contract surface area and the strategy risk of whoever is managing the routing logic.
Z
- zkEVM
- A zero-knowledge Ethereum Virtual Machine. Executes EVM-compatible smart contracts and produces cryptographic proofs of correctness. Powers ZK rollups like zkSync and Scroll. The cryptographic proofs allow near-instant finality on Layer 1 without the 7-day fraud-proof window of optimistic rollups, at the cost of higher computational complexity in proof generation.