You bought cryptocurrency. Maybe it was bitcoin (BTC-USD), maybe ethereum (ETH-USD), or perhaps something else entirely. You’ve likely encountered some new terms as well, such as DeFi and smart contracts. But what is DeFi, and how does it work?
DeFi, short for decentralized finance, refers to financial services built on blockchains. These services let you lend, borrow, trade, and earn interest without going through a bank or brokerage. Instead, it all works via smart contracts, which are computer programs that run on blockchains. It’s all automated and follows a defined set of rules (i.e., if this condition exists, do that), and there’s no intermediary to say you can or can’t make a transaction.
However, the trade-off is that you’re responsible for your choices. Safety nets are thin or nonexistent. If a protocol gets hacked, there’s no fraud department to call. The freedom DeFi offers comes paired with real risk, and understanding that risk is essential before you put real money to work.
This guide explains what DeFi is, how it works, and some of the most common ways to get started. We’ll walk through the main activities associated with decentralized finance (lending, borrowing, swapping, and providing liquidity). Just as important, we’ll discuss the risks and how to get started safely.
What is DeFi in crypto?
DeFi stands for decentralized finance and describes a category of financial applications that run on crypto blockchains without banks, brokerages, or other intermediaries taking a cut or setting the rules. Instead, software enforces the terms. You interact directly with a decentralized app (dApp) through your wallet, and the protocol (the set of programmed rules) handles the rest.
Fintech is often confused with DeFi, and while both use technology to enable financial services, they differ in terms of centralization. Fintech typically refers to centralized financial services we all know, such as PayPal and banking apps. On the other hand, DeFi is a subset of fintech that runs without a centralized authority.
Why DeFi exists
Traditional finance, which works well in many situations, relies on gatekeepers. Whether you want to get a loan, earn interest on savings, or trade stocks, there’s someone in the middle of the transaction. Banks, payment processors, and brokerages determine who can transact with whom and profit from those transactions.
DeFi removes those gatekeepers and makes finance tools accessible to anyone. If you have an internet connection and a crypto wallet, you can put your crypto to work, earning yields or swapping for other cryptocurrencies. DeFi protocols don’t care about your credit score, your location, or your banking history. They follow code, not corporate policies. That opens access to finance for people who’ve been excluded from traditional systems and bypasses common requirements, such as ID or minimum balances.
DeFi also changes who controls your money. In traditional finance, your bank holds your money. You have a claim on your funds. In effect, it’s an IOU. By contrast, DeFi centers on self-custody crypto wallets. You control your wallet’s private keys and can move your crypto whenever you want, wherever you want, without asking for permission.
DeFi vs. CeFi
If you’ve used centralized crypto exchanges like Coinbase and Kraken, these platforms also offer ways to earn yields on your crypto. Sometimes called CeFi (centralized finance), exchanges are easy to use and can feel as familiar as a banking app. These platforms are custodial, meaning the exchange holds your crypto. If the exchange fails, gets hacked, or faces regulatory action, your assets may be frozen or lost. Custodial exchanges also decide what you can do with your crypto on their platform.
DeFi is noncustodial. You hold the private keys that control your crypto assets on a blockchain. You connect your wallet to a protocol, approve the transaction, and the protocol executes it. No one stores your funds on your behalf. No one can say you can’t do what you want with your assets.
Where DeFi lives
DeFi protocols run on smart-contract-enabled blockchains. The Ethereum blockchain hosts the largest DeFi ecosystem by total value locked (TVL). However, cheaper and faster Layer 2 networks like Base and Arbitrum also run on top of Ethereum. Layer 2 networks use Ethereum (Layer 1) to secure transactions. These networks now handle more transactions than the Ethereum mainnet.
Other blockchains like Solana, Avalanche, and Polygon also have active DeFi scenes, each with its own trade-offs in terms of speed, cost, and security. By design, bitcoin doesn’t support complex smart contract logic. However, sidechains like Stacks and Core support DeFi for bitcoin. Sidechains use a bridge to lock assets (i.e., bitcoin) and issue an equivalent token that can be used on the sidechain.
How DeFi works
As mentioned, DeFi runs on smart contracts. A smart contract is code stored on a blockchain that executes automatically when conditions are met.
The vending machine analogy offered by the inventor of smart contracts, Nick Szabo, accurately describes how smart contracts work: You put money in, you select an item, the machine checks if you paid enough, and it releases your snack. In short, if the condition is met (enough money and no wooden nickels), the machine dispenses a snack.
Decentralized apps often use several smart contracts in series, passing the transaction to another contract if needed. This allows complex applications that far exceed the vending machine analogy. Let’s examine how the pieces fit together.
Smart contracts: The logic layer
In DeFi, smart contracts define the terms of the transaction. For example, if you deposit USDC (a stablecoin token pegged to $1 USD) into a lending protocol, a smart contract records your deposit and calculates your interest. When you want to borrow against that deposit, a smart contract checks your collateral to determine how much you can borrow. The code either allows or rejects the transaction based on pre-programmed conditions.
This automation is what makes DeFi possible. A single protocol can serve millions of users without hiring staff to process each transaction. The trade-off is that the code has to be correct. Bugs can lock funds forever. Hackers can exploit smart contract vulnerabilities. The contract always does what it’s programmed to do, even if the developers hadn’t envisioned certain outcomes.
Protocols: The financial apps
A decentralized app or protocol is a collection of smart contracts working together to provide a specific service. Uniswap is a protocol for swapping tokens. Aave is a protocol for lending and borrowing. These protocols provide different services, so each has its own collection of smart contracts.
You interact with protocols using a self-custody crypto wallet, also called a noncustodial wallet. For example, if you wanted to lend on Aave, you’d connect your wallet to Aave’s protocol. You’d then use your wallet to sign the transaction. This step proves that you can control the assets associated with your wallet address. The protocol never sees your real-world identity or personal information. It sees your wallet address and balances.
Your wallet: Identity and key
Your wallet address acts as your pseudonymous identity on a blockchain. The wallet itself doesn’t hold any crypto assets. Instead, it holds the private keys that prove that you are authorized to control your crypto assets on a blockchain. It also acts as a gateway to decentralized finance.
Be aware that your wallet address is public. Pseudonymous isn’t anonymous. Anyone can look up your wallet address on a block explorer and see every transaction you’ve ever made. If someone knows a specific wallet address belongs to you, they can see how much you have and what you’ve done on-chain. However, that transparency, while troubling if someone connects your wallet address with your identity, is key to how DeFi works. Protocols can verify your collateral, your borrowing history, and your activity without asking you for documents.
No customer service
In traditional finance, you can call your bank to dispute a charge. DeFi removes this safety net along with the intermediary. If you send crypto to the wrong wallet address and then sign the transaction with your wallet, the transaction will complete.
DeFi also adds another type of risk: malicious contracts. These apps often masquerade as well-known protocols. If you approve a malicious transaction, the protocol executes exactly what you authorized, even if you didn’t understand it. In traditional finance (TradFi), it’s prudent to double-check a transaction before you click the Send button. In DeFi, it’s imperative. There’s no undo button. Always review the transaction in your wallet app before authorizing it.
What can you do with DeFi?
DeFi opens up financial activities that may look familiar on the surface but work differently under the hood. Here are the five main categories you’ll encounter.
Staking
Staking initially referred to locking up your crypto to help secure a Proof of Stake blockchain by providing collateral. In this case, you would earn a yield for staking your crypto. However, many protocols have expanded the definition of staking to include several types of activities in which you lock up tokens to earn a yield. For example, users can stake the Aave token to provide an insurance fund for the platform, earning a yield for locking their tokens.
Lending
In DeFi lending, you deposit crypto into a lending protocol, such as Aave, and your deposit earns interest from borrowers. Lending protocols work much like savings accounts, but they automatically match lenders with borrowers rather than having the bank decide who can borrow. Deposits go into a pool, socializing the risk, although borrowing caps based on collateral also reduce risk as prices move up and down.
Although yields are often higher than you’ll find with a savings account, supply and demand drive rates. More borrowers mean higher yields for lenders, so expect rates to fluctuate. Additionally, on-demand withdrawals aren’t guaranteed. If your crypto is loaned out, you can’t withdraw until the pool has sufficient funds.
Borrowing
In DeFi borrowing, you lock collateral in a smart contract and borrow against it. However, in contrast to traditional loans, DeFi requires over-collateralization. To borrow $500 worth of crypto, you might need to post $750 or more in collateral. If your collateral falls below a specified value relative to your loan, the protocol automatically liquidates your position to repay the debt. You keep the loan proceeds.
The natural question is: Why would anyone lock up more value than they can take from the loan? Some reasons center on taxes. Selling crypto at a gain to raise capital creates a taxable event. In other cases, people borrow to “loop” their deposits if the protocol pays a yield higher than the borrowing cost. People borrow to get liquidity without selling assets they expect to appreciate, or to deploy borrowed funds elsewhere. In DeFi, you don’t need to explain why you need to borrow if you have the collateral to back the loan.
Swapping on decentralized exchanges: What is a DEX in DeFi?
A decentralized exchange (DEX) uses liquidity pools of two or more tokens provided by other users to facilitate trading. If you have ethereum but need USD coin, you can swap your tokens directly from your wallet without ever visiting a centralized exchange like Coinbase or Kraken.
Most DeFi swaps use automated market makers (AMMs), the largest of which is Uniswap, which supports several EVM (Ethereum Virtual Machine) blockchains. Instead of matching buyers and sellers through an order book, a list of buy and sell orders, you swap directly against the pool’s token inventory. The AMM automatically prices tokens based on the pool’s supply. If the pool price falls out of sync with the outside market, arbitrage bots operated by other traders swap against the pool to bring the pool price back to market levels.
The math used by AMMs, called the constant product formula, can cause slippage. In simple terms, that just means the trade executes at a less than ideal price. While this sounds imperfect, and it is, slippage often occurs on centralized exchanges as well.
Providing Liquidity
What incentive does anyone have to provide liquidity to a DEX? Simply, yields can be high. Liquidity providers typically provide two or more types of tokens to a pool (i.e., ethereum and USD coin) and then earn a percentage of trading fees proportional to their share of the liquidity pool. Some protocols also pay additional rewards in governance tokens.
The catch is impermanent loss: if one token’s price changes significantly relative to the value of the other, you may end up with less of it than if you’d simply held. Withdrawing your tokens from the pool crystallizes that loss. Another, more accurate, term for this is divergence loss.
Understanding DeFi’s risks
DeFi offers freedom to trade without intermediaries and several ways to earn yields. However, it also removes the safety nets we’ve become accustomed to in traditional finance. Although it’s possible to mitigate many risks by acting with caution, they can’t be eliminated.
Additionally, individual protocols can be affected by happenings elsewhere in the ecosystem. For example, a 2026 exploit of, or attack on, the Kelp DAO bridge caused a liquidity crisis on Aave, which was not part of the exploit. The attackers used Aave as an exit ramp, depositing their ill-gotten rsETH tokens on Aave to borrow WETH (which will never be repaid). As a consequence, WETH lenders could not withdraw their deposits.
Smart contract risk
Every protocol runs on code. Like all software, this code can have bugs, vulnerabilities, or design flaws. If a hacker discovers an exploit, they can drain the protocol’s pools. This has happened repeatedly, even to well-known platforms. A protocol that worked perfectly yesterday may be compromised tomorrow.
Look for links to third-party audits on the project’s website before connecting your wallet. Audits don’t guarantee safety, but indicate that experts reviewed the code. Smaller protocols may have no audits at all.
Who did the audit? Check the auditor’s reputation.
When was the audit performed? An older audit may not mean much if the protocol has since added new features.
Have any security incidents occurred? Check trusted news sources and the project’s social media page.
Who has the keys? While often described as immutable, meaning they can’t be changed once deployed, some smart contracts can be changed. Many smart contracts and token contracts include an admin key or use proxy contracts that allow the developer to change the contract’s behavior. A contract that functions one way on Monday might have new features on Tuesday.
Liquidation risk
When you borrow against collateral, you need to consider the possibility of liquidation. There’s no credit application, so the only thing backing the loan is the collateral. If your collateral’s value drops below a certain threshold relative to your loan balance, the protocol automatically sells your collateral to repay the debt (you keep the loan proceeds). This happens without warning.
Loan-to-value (LTV) requirements can fluctuate based on market conditions, making liquidation risk a real concern during crypto’s price swings. A liquidation can force a sale during market declines, leaving little time to react. Many experienced borrowers keep LTV well below the current threshold to avoid liquidation.
Frozen assets
Tokens on blockchain networks like Ethereum and Solana are just computer code. If the code’s programming supports it, these tokens can be frozen, meaning they can’t be sold or transferred. In some cases, this might be a rug pull, which we’ll discuss in a bit. In other cases, it might be part of an enforcement action. Centralized stablecoins like USDT and USD coin are managed by companies that can turn off your tokens, typically at the request of law enforcement.
Impermanent (divergence) loss
Providing liquidity exposes you to price divergence between your paired tokens. If one token’s price moves significantly relative to the other, you’ll have less of the appreciating token when you withdraw. The trading fees you earn may or may not compensate for that paper loss. Left alone, the divergence may or may not narrow before you withdraw, which is why the loss is called impermanent.
In practice, impermanent loss is often viewed as an opportunity cost. If you had held the full amount of both tokens in your wallet, you would have X in total value. By placing the tokens into the pool, the total value is Y plus swap fees you’ve earned.
Scams and rug pulls
Not every protocol or token is legitimate. Meme coins have become infamous for malicious code in some tokens that prevents buyers from selling or transferring them. Another common scam tactic is to launch a coin and then remove liquidity from the pool, pulling the rug out from under investors who now have no way to sell their tokens.
Fake protocols pose another risk. These impostor applications often look like legitimate dApps, but use malicious smart contracts under the hood to steal crypto from unsuspecting users.
Stick with established protocols that have track records, known teams, and audited code.
User error
In DeFi, you are your own bank. No one will check your work for errors. Send funds to the wrong address? Gone forever. Approve a malicious contract? The contract does exactly what you authorized, and blockchains don’t distinguish between good and bad. Code is law, and every transaction is final.
Getting started with DeFi safely
DeFi rewards patience and often punishes haste. The protocols will still be there after you’ve taken time to learn. Most importantly, don’t invest money you can’t afford to lose. Let’s review some best practices for getting started.
Start with small transactions
Use amounts you’re willing to treat as tuition. Mistakes on Layer 2 networks like Base or Arbitrum cost less in fees than experiments on Ethereum mainnet.
Stick with established protocols
New protocols often offer high yields to attract deposits. These high yields may signal risk, such as inflationary tokens paid to stakers. If demand for the reward token falls short of its growing supply, the yield may become less attractive over time.
Additionally, newer protocols haven’t been battle-tested. If there’s a way to exploit a protocol, someone will find it. Start with protocols that have operated for years, survived market crashes, and have undergone code audits. Aave, Compound, Uniswap, and similar “blue chip” protocols aren’t risk-free, but they’re considered battle-tested.
Master one thing at a time
Don’t try to lend, borrow, or provide liquidity on day one. Pick one activity. Understand how it works, where the risks are, and what could go wrong. Only when you’re comfortable should you move on to the next. Lending offers a common starting point for beginners because it’s less complex than providing liquidity to a DEX pool.
Keep reserves liquid
Don’t lock everything into protocols. Markets change, and new opportunities may arise. Keep some assets in your wallet where you can access them immediately.
Bottom line
DeFi is a set of tools that let you interact with blockchain financial services directly, without intermediaries, on your own terms.
While permissionless access has its appeal, these automated tools come with trade-offs. The ability to earn yields means exposure to risks we just don’t see in the TradFi world. Additionally, the transparency of public blockchains means your financial activity is visible to anyone who knows where to look.
None of this is a reason to avoid DeFi. Instead, it provides several reasons to approach decentralized finance with care. Start small and learn the mechanics first. Understand what can go wrong before it does, and use established protocols to improve safety.
DeFi gives you control. It’s up to you to navigate its perils and opportunities successfully.