){kind=icon}
The digital finance world is becoming increasingly established, driven by changes in legislation and growing hype around Decentralized Finance (DeFi). While traditional finance depends heavily on centralized banking systems, DeFi leverages blockchain technology to increase transparency in transactions.
However, this transparency does not automatically equate to trustworthiness—as you'll discover in this article, co-written by Amit Tambe (Researcher) and Hafizzuddin Fahmi Hashim (Junior Researcher) at F-Secure.
In this series, we begin by introducing DeFi and its fundamental workings, helping you understand the core terminology associated with it. Building on this, we’ll examine the current DeFi threat landscape and the various scams occurring within the ecosystem. Finally, we’ll delve into the deeper details of these scams and their risks, including the vulnerabilities of smart contracts.
Understanding Decentralized Finance (DeFi)
Decentralized Finance (DeFi) is a blockchain-based financial system that removes intermediaries like banks and brokers. It allows users to lend, borrow, trade, earn interest, and invest directly using smart contracts on decentralized networks like Ethereum, Binance Smart Chain, and Solana.
Why was DeFi created?
DeFi was born out of frustration with traditional finance, aiming to build an open, permissionless, and transparent financial system accessible to everyone. It seeks to address the limitations of conventional banking and offer greater financial freedom in the following ways:
Inclusion: Traditional banking often excludes individuals who lack formal identification, credit history, or a minimum account balance. DeFi, on the other hand, is open to anyone with an internet connection and a crypto wallet.
Eliminating middlemen: Banks rely on intermediaries—brokers and payment processors—which slow down transactions and increase costs. DeFi uses smart contracts to automate processes and remove the need for third parties.
Faster, cheaper transactions: Despite charging various fees, banks can take days to process payments, especially international ones. DeFi enables quicker, cost-effective transactions by leveraging blockchain technology.
Transparency: Traditional financial systems are typically closed. DeFi is built to be public and transparent, with all transactions visible on the blockchain.
Decentralization: Most importantly, traditional finance is centralized and under government control. DeFi operates independently of centralized authorities, giving users more control over their assets.
Why is DeFi’s popularity rising now?
DeFi is gaining popularity because it breaks free from the constraints of traditional banking systems. It can reach individuals who might not meet bank eligibility requirements and has attracted users by offering significantly higher interest rates on lending and borrowing compared to conventional banks.
Additionally, DeFi promotes transparency by allowing public scrutiny and auditing of all transactions on the blockchain. Overall, the appeal of DeFi lies in its lack of censorship, greater inclusivity, and the potential for high returns—all of which have contributed to its rapid growth.
What's the difference between DeFi and Bitcoin?
Bitcoin was introduced in 2008 and laid the foundation for decentralized digital currency. However, it functions primarily as a store of value and is mostly held as an asset. DeFi, on the other hand, represents a much broader financial ecosystem.
Key terminology in DeFi
As the DeFi ecosystem continues to grow, understanding its core concepts and terminology is essential for confidently navigating how decentralized financial systems operate. Below is a list of common DeFi terms you’ll encounter throughout this article.
Blockchain network – In DeFi, a blockchain network is the underlying decentralized infrastructure that powers smart contracts, transactions, and financial services without intermediaries. It serves as the foundation for DeFi applications. All transactions are recorded on a public ledger that can be verified by anyone—and once recorded, they cannot be altered.
Fiat on-ramp – A fiat on-ramp is a service that allows users to buy cryptocurrencies using traditional (fiat) currencies like USD, EUR, GBP, INR, etc. It acts as a gateway between the traditional financial system and the crypto world.
Gas charges – In blockchain networks like Ethereum, transaction fees are known as ‘gas fees’ because they represent the computational effort required to process and validate transactions. Just like a car needs gas (fuel) to run, a transaction needs gas to be processed by miners or validators.
Crypto wallet – A crypto wallet is a tool that lets users securely store, send, receive, and manage cryptocurrencies. It contains private keys that provide access to your crypto assets on the blockchain. Unlike a traditional bank account, a crypto wallet doesn’t hold your coins—it stores the keys that allow you to access and control your funds on the blockchain.
Seed phrase – A seed phrase (also called a recovery phrase or mnemonic phrase) is a set of 12, 18, or 24 random words that acts as the master key to your crypto wallet. It's used to generate and recover your private keys if you lose access to your wallet (e.g. if your device is lost, stolen, or broken). For example, a seed phrase could be 'Correct hedgehog dragon slice banana earth pencil sunset volume orbit market winter'.
dApp (Decentralized App) – A dApp is a software application that runs on a blockchain network instead of a centralized server. It operates using smart contracts and is designed to be trustless, transparent, and censorship resistant.
Yield farming – Yield farming is a DeFi investment strategy where users deposit their crypto into liquidity pools or staking protocols to earn rewards—typically in the form of interest, trading fees, or additional tokens. Think of it like earning interest on your savings account, but instead of a bank, you're using decentralized finance platforms.
DEX (Decentralized Exchange) – While DeFi platforms can offer a full suite of decentralized financial services (such as lending, yield farming, staking, and trading), a DEX is a type of DeFi platform focused specifically on token swapping and trading.
How Does DeFi Work?
Now that we’ve familiarized ourselves with the terms and origins of DeFi, let’s explore how it works—particularly how traditional banking transactions like borrowing and lending function in this alternative financial system.
In traditional banking, the process typically starts with opening a bank account and depositing money. From there, users can access basic services like withdrawing, depositing, taking out loans, or investing in savings schemes. DeFi mirrors many of these functions, but without banks or intermediaries.
Here's how the DeFi equivalent works:
Set up a crypto wallet: The DeFi equivalent of opening a bank account.
Your crypto wallet acts as your personal gateway to the decentralized financial world. Wallets can be created using providers like MetaMask, Trust Wallet, Coinbase Wallet, or Ledger.
A wallet is typically secured by a seed phrase (usually 12–24 words). This phrase is used to derive all private keys for your wallet addresses and is crucial for accessing your funds. If you lose your wallet (e.g. your device, app, or hardware wallet), you can restore access using this seed phrase.
Buy or transfer crypto: The DeFi equivalent of depositing money into a bank account. To use DeFi services, you need to fund your crypto wallet. There are two main ways to do this:
Buy crypto (also called ‘fiat on-ramp'): If you don’t already own crypto, you can purchase it with fiat currency (like USD or EUR) via an exchange (e.g. Binance or Coinbase) and transfer it to your wallet. Some wallets like MetaMask or Trust Wallet also offer built-in buying options.
Transfer crypto: If you already own crypto, you can send it from another wallet or exchange. Be sure to double-check the destination wallet address before transferring funds.
Connect your wallet to a DeFi platform: The DeFi equivalent to accessing banking services.
In DeFi, users choose a dApp (Decentralized Application)—such as a lending or trading platform—and connect their wallet to begin using it.
A dApp is a software application that runs on a blockchain network rather than on a centralized server. It’s designed to be transparent, trustless, and censorship resistant.
Use DeFi services: The DeFi equivalent to performing banking transactions. Once connected, users can access a wide range of financial services:
Deposit and earn interest – similar to a savings account.
Borrow crypto – like taking out a loan.
Trade crypto – comparable to currency exchange.
Yield farming and staking – similar to fixed deposits or investments.
Traditional Banking Systems vs. DeFi
The diagram below illustrates the process of a money transfer between individuals using a traditional banking system, where intermediaries are involved.
)
The second diagram below then illustrates how money is transferred between individuals using a DeFi system, where users interact directly with cryptocurrencies—without intermediaries.
)
To summarize the key differences between traditional banking and DeFi:
Opening an account:
Traditional banking: Apply at the bank
DeFi: Create a crypto wallet
Depositing money:
Traditional banking: Cash deposit
DeFi: Buy or transfer crypto
Accessing services:
Traditional banking: Use online banking
DeFi: Connect wallet to DeFi apps
Earning interest:
Traditional banking: Fixed deposits
DeFi: Lend crypto
Getting a loan:
Traditional banking: Credit check required
DeFi: Use crypto collateral
Withdrawing funds:
Traditional banking: Bank transfer
DeFi: Send crypto to an exchange or another wallet
How DeFi Protocols Are Governed
Since DeFi, by definition, is decentralized, there is no central governing authority like a bank or government. However, in the absence of such institutions, other mechanisms act as 'regulators' to ensure security, functionality, and governance. Chief among these is the smart contract.
Smart contracts are the backbone of DeFi, controlling how transactions operate. They automate financial services—such as lending, borrowing, trading, and staking—without the need for human intervention. These self-executing digital agreements are built on blockchain technology and carry out transactions based on pre-defined conditions. Once deployed, they run automatically, without the need for a middleman.
How do smart contracts work?
A smart contract is a self-executing program stored on a blockchain. Key features include:
Predefined rules: Smart contracts are programmed with specific conditions (e.g. 'If A deposits 1 ETH, then send them 100 USDC'). Other rules might include: 'Only the owner can withdraw amount' or 'The withdrawal amount must be less than or equal to the balance'.
Triggered execution: Once the conditions are met, the contract executes automatically—without the need for human intervention.
Immutable and transparent: Smart contracts are stored on a blockchain, making them tamper-proof. This means that if a contract contains a flaw, it can't be altered after deployment—unless they were specifically designed to be upgradeable.
)
Securing Trust Through Consensus Mechanisms
A consensus mechanism is essential due to the decentralized nature of DeFi. It helps ensure network security by making it difficult to manipulate transactions and prevents issues like double-spending. In short, it plays a critical role in maintaining trust within a decentralized system.
There are two primary types of consensus mechanisms: Proof of Work (PoW) and Proof of Stake (PoS). Here’s how they differ:
How blocks are created:
Proof of Work: Miners solve complex mathematical problems
Proof of Stake: Validators stake coins to confirm transactions
Energy usage:
Proof of Work: High
Proof of Stake: Low
Speed and scalability:
Proof of Work: Slower
Proof of Stake: Faster
Example blockchains:
Proof of Work: Bitcoin, Dogecoin
Proof of Stake: Ethereum 2.0, Solana
PoS is a consensus mechanism where validators secure the network and validate transactions by staking (locking up) their cryptocurrency. Unlike PoW, which relies on energy-intensive mining, PoS selects validators based on the amount of crypto they stake rather than computing power.
In a PoS system, validators are chosen and rewarded based on their stake. Malicious behavior can result in penalties, which are also proportional to the amount staked.
The Purpose of Tokens in Decentralized Networks
In DeFi, tokens are digital assets that represent value, ownership, or rights within a blockchain ecosystem. They play a central role in enabling governance, liquidity, rewards, staking, and lending across DeFi protocols.
While some DeFi services can technically operate without their own tokens, the broader DeFi ecosystem depends heavily on tokens for core functions such as governance, liquidity, incentives, and transaction processing.
What if there were no tokens?
Without liquidity provider (LP) tokens, users would have little incentive to deposit funds into liquidity pools, leading to reduced overall liquidity in DeFi. Without tokens, users would also lack voting power, making DeFi platforms less decentralized.
Additionally, lending and borrowing mechanisms would struggle to function. And without token rewards, participation in yield farming and other incentive-driven activities would likely decline significantly.
How to get DeFi tokens
There are several ways to acquire DeFi tokens. The fastest method is buying them directly from a decentralized exchange (DEX). You can also earn tokens passively through yield farming, staking, and lending. Airdrops and incentive programs offer free tokens but typically require being an early or active user of DeFi projects.
Common Risks Associated with DeFi
While DeFi offers transparency, accessibility, and financial freedom, it also comes with significant challenges and risks. Here are some of the most common:
Smart contract vulnerabilities: DeFi platforms run on smart contracts, and bugs or coding errors can be exploited. If a contract has vulnerabilities, hackers may steal funds.
Rug pulls and exit scams: Developers may launch a project, collect funds, and then disappear, leaving investors with worthless tokens. This is most common with newly launched tokens and meme coins.
Crypto scams: Scammers often exploit the rising popularity of DeFi by luring users on social media to invest in fake or deceptive crypto projects.
Impermanent loss: Occurs when the price of tokens in a liquidity pool changes significantly, leading to potential losses compared to simply holding the tokens.
Flash loan attacks: Attackers can borrow large amounts of crypto (without collateral) via flash loans, manipulate DeFi markets, and drain funds.
High gas fees: When blockchain networks become congested, gas fees can spike, making even small transactions expensive.
Decoding DeFi: What's Next?
This article introduced the key concepts of DeFi and explored several of its core aspects. We discussed the reasons behind DeFi’s rapid rise in popularity and touched on some of its underlying technical components. Finally, we examined the main risks associated with participating in DeFi.
In upcoming articles, we’ll take a closer look at DeFi security—exploring specific risks and how they can impact users.