"DeFi" sounds vague. The technology behind it is precise. Here's the engineer's view of how decentralized finance actually works, what the primitives are, and where the real risks live for users and builders.
What DeFi actually is
Decentralized Finance is financial primitives implemented as smart contracts on a blockchain, usually Ethereum or its rollups. Trading, lending, derivatives, insurance, stablecoins: all without a company in the middle. Anyone with a wallet can use them, and anyone can read the code.
AMMs: Automated Market Makers
Uniswap, Curve, Balancer are AMMs. Instead of a traditional order book, they use liquidity pools and a mathematical formula (constant product, x*y=k for Uniswap V2). Anyone can supply liquidity and earn fees from trades.
This unlocked permissionless markets: you don't need a broker to list a token. Tradeoff: AMMs are less capital-efficient than order books for liquid markets. Uniswap V4 and concentrated-liquidity designs address this.
Lending protocols
Aave, Compound, Maker: these let users borrow against collateral. You deposit ETH, and you can borrow USDC up to a loan-to-value ratio. Interest rates float based on utilization. Liquidations happen automatically if collateral drops too far.
The killer feature: no credit check, no application, no human. Markets work because over-collateralization guarantees solvency.
Oracles
Smart contracts can't see the outside world: they can only access on-chain data. Oracles bridge that gap, posting prices from off-chain sources onto the blockchain. Chainlink is the dominant provider, with Pyth growing fast.
This is also the source of many DeFi hacks: manipulate the oracle, manipulate the protocol's view of prices, drain the pool.
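The constant-product formula from the AMM section explains why a protocol's view of prices is sensitive to where the price is read from. The sketch below is an added example, not code from Uniswap or any lending protocol: it shows how a pool's spot price moves with trade size, what that does to a borrow limit, and a deviation check against an independent reference. The pool size, 75% LTV, 2% bound, reference price and all function names are assumptions, and it uses exact rational arithmetic rather than on-chain integer rounding.

```python
from fractions import Fraction

def swap_out(amount_in, reserve_in, reserve_out):
    """Constant-product (x*y=k) output after Uniswap V2's 0.3% fee."""
    if min(amount_in, reserve_in, reserve_out) <= 0:
        raise ValueError("amounts and reserves must be positive")
    in_with_fee = amount_in * 997
    return Fraction(in_with_fee * reserve_out, reserve_in * 1000 + in_with_fee)

def buy_eth(pool, usdc_in):
    """Swap USDC into an (eth, usdc) pool; return the reserves afterwards."""
    eth, usdc = pool
    return (eth - swap_out(usdc_in, usdc, eth), usdc + usdc_in)

def spot_price(pool):
    """USDC per ETH implied by the reserves alone."""
    eth, usdc = pool
    return Fraction(usdc) / Fraction(eth)

def max_borrow(collateral_eth, price, ltv):
    """Borrow limit in USDC for collateral valued at `price`."""
    return collateral_eth * price * ltv

def checked_price(pool_price, reference_price, max_dev):
    """Defensive read: refuse a price too far from an independent reference."""
    if abs(pool_price - reference_price) > reference_price * max_dev:
        raise ValueError("price deviates from reference; refusing to use it")
    return pool_price

# Constructed numbers (assumptions): pool reserves, LTV, bound, reference.
POOL = (1_000, 2_000_000)                 # 1,000 ETH and 2,000,000 USDC
LTV, MAX_DEV = Fraction(3, 4), Fraction(2, 100)
REFERENCE = Fraction(2_000)               # independent USDC/ETH price

def demo():
    """Rows of (case, spot price, borrow limit for 10 ETH, price accepted)."""
    small = buy_eth(POOL, 2_000)          # 0.1% of the USDC reserve
    large = buy_eth(POOL, 2_000_000)      # equal to the whole USDC reserve
    rows = []
    for name, pool in (("before", POOL), ("small", small), ("large", large)):
        price = spot_price(pool)
        try:
            checked_price(price, REFERENCE, MAX_DEV)
            accepted = True
        except ValueError:
            accepted = False
        rows.append((name, float(price), float(max_borrow(10, price, LTV)), accepted))
    return rows
```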
Wallets & gas
To use any dApp you need a wallet: MetaMask, Rabby, Phantom, Coinbase Wallet. The wallet holds your private keys and signs transactions. Gas fees are paid in the chain's native token (ETH, MATIC, etc.) per transaction.
Modern wallets are dramatically better than they were three years ago. Rabby in particular highlights what a transaction will actually do before you sign, a critical safety feature.
Where the risks actually live
- Smart contract bugs: the code is immutable. A bug means permanent loss. Always check audits.
- Oracle manipulation: see above.
- Bridge hacks: bridges between chains have been the biggest single source of crypto theft.
- Rug pulls: protocol developers leave a backdoor. Common in newer / un-audited projects.
- User error: wrong network, wrong address, approving malicious contracts. The biggest category of personal loss.
- Liquidation cascades: when prices crash, automatic liquidations can trigger more liquidations.
The DeFi ecosystem matured significantly between 2022 and 2026. Better audits, better wallets, better risk modeling. It's still high-risk relative to traditional finance, but no longer the wild west of 2021.
For context on the chains DeFi runs on, see our Ethereum deep dive. For Bitcoin's role as DeFi collateral, see Bitcoin Fundamentals.
- Uniswap: Uniswap documentation
- Aave: Aave protocol documentation
- Chainlink: Chainlink oracle docs
- DefiLlama: DeFi TVL analytics
- Rekt News: DeFi exploit reporting