What Is DeFi (Decentralized Finance)?

• What it is. DeFi is open-source financial software on blockchains that uses smart contracts to run lending, trading, and yield functions without a traditional bank intermediary.
• Why it matters. DeFi protocols let users access on-chain markets, lending pools, and yield strategies directly from wallets, while also making financial infrastructure easier for developers to compose.
• Main risk or limitation. Smart contract actions can be irreversible and DeFi protocols have suffered major exploits, with no FDIC insurance, chargeback mechanism, or guaranteed customer support when funds are lost.

The diagram below contrasts a bank-mediated transaction with its DeFi equivalent, showing how a smart contract removes the need for a human intermediary.

In a traditional bank transaction, a lender approves your loan, a broker executes your trade, and a payment processor moves your funds. Each step involves a trusted intermediary that can reject, delay, or reverse the action. In DeFi, self-executing smart contracts perform those functions automatically when predefined conditions are met, with no human in the loop.

A smart contract is a program stored on a blockchain — Ethereum is the primary platform for DeFi — that executes when its inputs are satisfied. “If Alice sends 1 ETH, send her 100 USDC” is a basic version of the logic governing token swaps on a decentralized exchange. In non-upgradeable designs, no party can override the contract after deployment, so the code runs as written. In upgradeable or governed protocols, admin keys, pause switches, governance votes, or module changes can still alter how the system behaves.

Users interact with DeFi protocols through a self-custody wallet connected directly to the protocol. There is no protocol-level account creation or approval queue in most cases, and many DeFi protocols do not require know-your-customer checks at the smart-contract layer. A user still needs the right assets, enough of the network's native token to pay fees, and an access path that is not blocked by a front end, wallet policy, or local restriction.

Composability is what separates DeFi from a collection of isolated financial apps. DeFi protocols are designed to interoperate — each protocol's output can become another protocol's input, which is why the space is sometimes called “Money Legos.” A flash loan shows how this works in practice: in a single Ethereum transaction, a user can borrow $1 million from Aave without collateral, trade those funds on Uniswap, repay the Aave loan with interest, and keep any arbitrage profit — all in one atomic operation that either fully succeeds or fully reverts. No single institution could offer this. It requires composability across three independent protocols running on the same blockchain. The flash loans section below gives a deeper breakdown of how they work and where the risks appear.

DeFi covers a wide range of financial activity. Each major category below represents a class of protocols, not a single application.

DeFi Staking vs Lending vs Yield Farming vs Liquidity Providing

Users often use “DeFi staking” as a catch-all phrase for earning yield on-chain. That creates confusion because different DeFi yield methods work in different ways and carry different risks.

Before depositing assets, a user should know what is actually creating the return. Yield from borrower interest is different from yield paid in a newly issued token, and both are different from trading fees in a liquidity pool. The table below breaks down each method.

The safest-looking number is not always the safest yield. Stablecoin lending on established protocols is easier to understand than volatile-token liquidity farming, but it can still carry smart contract, stablecoin, oracle, liquidation, and withdrawal risks.

Decentralized Exchanges

A DEX enables token trading without a central operator. Many DEXs, including Uniswap, use an automated market maker (AMM) model. Users who act as DeFi liquidity providers deposit pairs of tokens into pools, and a pricing algorithm determines exchange rates based on the ratio of assets in each pool. Other DEX designs use order books or hybrid routing, so DEX should be treated as a category rather than one execution model. Traders pay a small fee shared among the depositors. Check Uniswap market data for current volume and protocol metrics.

Lending and Borrowing

Aave and Compound allow users to supply crypto assets to shared pools and earn interest, or to borrow against their existing crypto holdings without a credit check. Collateral must exceed the borrowed amount — if it falls below a protocol-defined threshold, the protocol automatically liquidates it to protect lenders. There are no loan officers or manual credit approvals at the protocol layer, but front-end access, sanctions policy, and local law can still affect who can use a given service. See Aave protocol data for current lending rates and protocol scale.

Yield Farming

Yield farming — also called liquidity mining — lets users earn additional token rewards by supplying assets to a protocol. New protocols often advertise very high annual percentage yields to attract early capital, paid in the protocol's own governance token. Those rewards can collapse rapidly when the token loses value, and higher yields reliably signal higher risk. Yield farming is an active strategy, not a passive one.

Liquid Staking

Liquid staking protocols solve a specific limitation of Ethereum's proof-of-stake system: staked ETH is locked and cannot be used elsewhere while earning yield. Lido accepts ETH deposits and issues stETH — a token representing the staked position — which can be used across other DeFi protocols while still accruing staking rewards. Lido remains one of the largest liquid-staking protocols and has often ranked near the top of DeFi TVL tables, though rankings shift with markets and methodology. See Ethereum's proof-of-stake mechanics for context on why liquid staking became a major DeFi category.

Stablecoins

DAI — governed by MakerDAO, now operating under the Sky Protocol brand — is a crypto-collateralized stablecoin issued on-chain. Unlike USDT or USDC, which are backed by off-chain dollar reserves held by companies, DAI is backed by excess crypto collateral locked in smart contracts, governed by token holders through on-chain voting. It remains one of DeFi's major dollar-denominated units of account, alongside fiat-backed stablecoins such as USDC and USDT. Users researching stablecoins should compare centralized and decentralized models before treating any dollar token as interchangeable.

Flash Loans

Flash loans are uncollateralized loans that must be borrowed and fully repaid within a single blockchain transaction. If the repayment condition is not met, the entire transaction reverts — no funds leave the lender's effective control in a lasting state. Legitimate uses include arbitrage between DEX prices and liquidating undercollateralized positions before a protocol reaches insolvency. Attackers have also used flash loans to amplify exploits, borrowing large sums to manipulate thin markets within the span of a single block.

Real-World Asset Tokenization

RWA tokenization brings traditional financial assets — US Treasury bills, private credit, commercial real estate — onto public blockchains. Protocols such as Ondo Finance and Centrifuge issue on-chain tokens backed by off-chain assets, acting as a bridge between DeFi and TradFi. The category became more prominent through 2024 and 2025 as institutional interest in blockchain-native settlement increased, though users still need to check issuer structure, redemption rights, and off-chain custody before treating tokenized assets as equivalent to traditional instruments.

Total value locked — TVL — is the most commonly cited metric for the scale and health of the DeFi ecosystem. It measures the dollar value of crypto assets deposited into DeFi protocols at any given moment. Higher TVL indicates more capital at work and, broadly, more user confidence in the system. Lower TVL indicates withdrawal and risk aversion.

DefiLlama is the standard public dashboard for tracking DeFi TVL across protocols and blockchains. Rankings can shift quickly as asset prices move, deposits flow between protocols, and dashboards apply different filters. Check the live dashboard for current figures before relying on any protocol ranking.

DeFi's TVL history tracks the broader crypto market with amplification. The ecosystem fell sharply in late 2022 after FTX collapsed, then recovered through the next cycle as asset prices, stablecoin liquidity, and protocol deposits improved. Exact aggregate totals should be quoted with a capture date and methodology note, because dashboard settings can include or exclude recursive deposits and other double-counted positions.

TVL is an imperfect metric for one key reason: it can be inflated through recursive deposits — the same underlying asset counted separately at multiple protocol layers. A user who stakes ETH with Lido to receive stETH, then deposits stETH into Aave as collateral, contributes to TVL figures at both protocols using one underlying asset. DefiLlama offers a double-count-excluded view that filters for this effect, but no aggregate figure is perfectly clean. TVL measures scale and user confidence. It does not measure solvency.

DeFi operates in a genuinely unclear regulatory environment. Major jurisdictions still regulate DeFi through existing financial, sanctions, tax, and anti-money-laundering rules rather than a single settled DeFi-specific regime.

The US picture is defined primarily by enforcement actions and regulators applying existing law to new circumstances:

• The Securities and Exchange Commission and the Commodity Futures Trading Commission have overlapping and unresolved jurisdictional claims. The SEC treats many DeFi protocol tokens as securities under existing statutes. The CFTC treats certain crypto derivatives as commodity markets. Neither agency has issued comprehensive guidance specifying which DeFi activities fall within its authority.
• A major precedent came in August 2022, when OFAC sanctioned Tornado Cash — applying sanctions not only to a company or individual but to the smart contract addresses themselves. On March 21, 2025, the US Treasury removed those sanctions after reviewing the legal and policy issues.
• Developers associated with Tornado Cash still faced criminal cases in multiple jurisdictions. The Treasury's 2023 Illicit Finance Risk Assessment of DeFi continued to frame DeFi services with identifiable control points as higher-risk channels.
• No comprehensive DeFi legislation had passed the US Congress as of April 2026.

In the European Union, the Markets in Crypto-Assets Regulation (MiCA) established licensing and conduct requirements for crypto-asset service providers such as exchanges and custodians, as well as rules for token issuers. Fully decentralized services without an identifiable intermediary may fall outside parts of MiCA's direct scope, but the boundary is still fact-specific and unsettled.

The Tornado Cash episode has materially affected open-source DeFi development even after the sanctions delisting. Developers working on privacy tools or protocols in legally sensitive categories still face legal uncertainty that did not exist before 2022. Regulatory risk is not the same as prohibition, but it remains a real layer of legal exposure for developers and users alike.

DeFi carries risks that regulated financial systems do not. The specific risks below are distinct from traditional finance and worth understanding individually before putting capital at work.

Smart contract exploits are the largest category of DeFi losses by dollar value. When a contract contains a bug or logical flaw, an attacker can drain funds before developers can respond — and most blockchains offer no mechanism to reverse confirmed transactions. The Ronin Network compromise in March 2022 and the Euler Finance exploit in March 2023 showed how quickly protocol losses can compound when core security assumptions fail.

Rug pulls are a separate risk: developers deliberately exit with user funds rather than being attacked by an outside party. This pattern is most common in newly launched protocols with anonymous teams and unaudited contracts. High advertised yields, rapid TVL growth, and anonymous development teams are common warning signs, though not reliable predictors of any single protocol's behavior.

Impermanent loss affects liquidity providers in AMM-based DEXs. When the price ratio between two assets in a pool shifts significantly, the LP ends up holding a different asset mix than originally deposited — one worth less than simply holding both assets without providing liquidity. The “impermanent” label reflects that the loss reverses if prices return to their original ratio. In practice, many price shifts do not reverse.

Oracle manipulation attacks exploit the external price feeds that DeFi protocols depend on to value assets correctly. DeFi price oracles report real-world prices to on-chain contracts. An attacker who can briefly shift a price on a thin market — typically through a flash loan — can mislead a protocol into mispricing collateral or triggering incorrect liquidations. Chainlink's decentralized oracle network was designed to raise the cost of this attack, but oracle risk has not been eliminated.

Unsustainable yield is a consistent pattern in the space. Protocols advertise high APY figures that include rewards paid in newly issued governance tokens whose value can collapse rapidly. The effective yield often falls long before the headline figure would suggest. Yield numbers shown by aggregators should be treated as estimates based on current conditions.

No recourse mechanism exists in DeFi. Funds sent to a wrong address, lost through an exploit, or trapped in a failed protocol are gone unless the counterparty voluntarily returns them. There is no chargeback, no deposit insurance, and no entity with a legal obligation to compensate users for losses.

Three practical elements are required before interacting with any DeFi protocol: a self-custody wallet, assets that include the network's fee token, and enough understanding of what you are doing to recognize a phishing site or a suspicious contract.

Wallets: A self-custody wallet holds your private keys and signs transactions on your behalf — it does not store your funds at a company. You control them directly. MetaMask remains the most widely used browser-extension wallet. Rabby and Frame are common alternatives among more experienced users. Explore crypto wallets for DeFi to compare options and understand what self-custody means in practice.

Gas fees and networks: ETH is needed to pay gas fees on Ethereum mainnet. During congested periods, mainnet gas fees can exceed the value of a small transaction, making Ethereum mainnet uneconomical for everyday DeFi use. Layer-2 networks — Arbitrum, Optimism, and Base are the most active in 2026 — run the same protocols at transaction costs that are typically a fraction of mainnet fees. See layer-2 scaling explained for how to bridge assets to an L2 and what trade-offs that involves.

Contract verification: When connecting to a new protocol, verify the contract address against the protocol's official documentation or a reputable token list aggregator. Phishing sites that mimic legitimate DeFi front-ends are a persistent attack vector. Start with a small test amount to confirm the mechanics before committing significant capital. Browse DeFi tokens and market data on CryptoSlate for an overview of active protocols and their current metrics.

The first DeFi transaction should be treated as a test. The goal is to learn how wallets, networks, approvals, gas fees, and confirmations work before putting meaningful capital at risk.

Start with a small amount you can afford to lose. Use a widely supported wallet, choose one network, and avoid moving between chains until you understand bridge risk and withdrawal timing. The table below maps common goals to the most practical first step.

The first useful DeFi lesson is whether you can enter, monitor, and exit a position without confusion. If you cannot explain what happens when prices move, gas fees rise, or the protocol pauses withdrawals, the position is too complex.

Most DeFi losses do not start with a protocol exploit. Many start with a bad signature, a fake website, an unlimited token approval, or a wallet that keeps risky permissions open long after the user has finished using a protocol.

Connecting a wallet only lets a site view public wallet information and request signatures. Approving a token is different — it gives a smart contract permission to move a specific token from your wallet, up to the approved limit. The table below explains what each action actually means.

Disconnecting a wallet from a website does not automatically remove token approvals. Users who experiment with many DeFi apps should review approvals periodically, especially after using a new DEX, bridge, NFT marketplace, or farming site.

One important limit to know: revoking approvals is not a full rescue if the seed phrase is already compromised. If a wallet is drained every time new gas arrives, the safer move is to abandon that wallet, create a new one, and move clean funds only from uncompromised accounts.

DeFi yield is easier to judge when you can identify who is paying it. A protocol can show one APY on the front end, but the source of that yield determines how fragile it actually is. The table below maps each yield source to the key questions worth asking before depositing.

A useful test: if the yield source cannot be explained in one sentence, the risk probably needs more work. “The protocol pays 20%” is not an explanation. “Borrowers are paying variable interest for USDC liquidity” is clearer. “New token incentives are temporarily subsidizing deposits” signals higher risk.