How Decentralized Finance Works Without Banks
DeFi replaces banks, brokers, and exchanges with smart contracts. Here's how the three core mechanisms actually work, what's powering $95 billion in locked value, and where the real risks hide.
Key Takeaways
- DeFi (Decentralized Finance) uses smart contracts to replicate financial services like lending, trading, and earning yield without banks or intermediaries. Roughly $95 billion in assets sit in DeFi protocols as of early 2026.
- The three core mechanisms are lending (deposit assets, earn interest, borrow against collateral), swapping (trade tokens through automated liquidity pools instead of order books), and staking/liquidity provision (lock tokens to secure the network or provide trading liquidity).
- Impermanent loss is the most under-discussed DeFi risk. When you provide liquidity to a trading pool, price movements can leave you worse off than simply holding your tokens. Research shows over half of Uniswap V3 liquidity providers were unprofitable.
- DeFi lending depends on oracle accuracy. If an oracle reports a wrong price, your collateral can be liquidated unfairly. Every lending protocol's safety is only as good as its price feeds.
- This post is the capstone of a three-part series. Understanding smart contracts (Part 1) and oracles (Part 2) is the prerequisite for understanding where DeFi's real risks come from.
What DeFi Actually Is (and What It Replaces)
In traditional finance, nearly every transaction passes through a middleman. Banks hold your deposits. Brokers execute your trades. Payment processors route your money and take a fee. These intermediaries provide services, but they also add cost, delay, and gatekeeping. You need an account, a credit score, or a physical location to participate.
DeFi removes those intermediaries and replaces them with software. Specifically, with smart contracts that execute automatically when conditions are met. A smart contract can accept your deposit, calculate your interest, manage your collateral, and liquidate your position if needed, all without a human making a decision at any point. The rules are encoded in the program. The program runs on a blockchain. The results are transparent and irreversible.
But smart contracts alone aren't enough. They need external data to make decisions. A lending contract needs to know the current price of ETH to decide whether your collateral is sufficient. That data comes from oracle infrastructure that delivers real-world prices to the blockchain. Together, smart contracts (the execution layer) and oracles (the data layer) form the foundation on which every DeFi application is built.
As of early March 2026, approximately $95 billion in total value is deposited across DeFi protocols, according to DefiLlama. That's real capital sitting in smart contracts, earning interest, providing trading liquidity, and serving as collateral for loans. The number has recovered significantly from the 2022 crash (when it fell below $40 billion) but remains below the $180 billion peak of late 2021. The ecosystem is smaller than its peak but more mature, with better-audited protocols, more institutional participation, and a clearer risk landscape.
The Three Core Mechanisms
DeFi includes dozens of application types: lending platforms, decentralized exchanges, yield aggregators, insurance protocols, prediction markets, stablecoin systems, and more. But underneath all of that complexity, nearly everything is built from combinations of three fundamental mechanisms: lending, swapping, and staking. Understanding these three is understanding DeFi.
[Figure: The three core DeFi primitives]
Lending and Borrowing: What Happens When You Deposit
DeFi lending is the largest category by value locked, accounting for roughly 38% of all DeFi TVL. Protocols like Aave and Compound run entire lending markets through smart contracts. Aave alone crossed $1 trillion in cumulative loans processed in early 2026, a milestone that places its throughput alongside mid-tier traditional banks.
Here's what actually happens when you participate. As a lender, you deposit tokens (say, USDC) into a lending pool managed by a smart contract. Your deposit joins a pool of the same asset contributed by other lenders. In return, you receive an interest-bearing token (Aave calls these "aTokens") that represents your share of the pool and automatically accrues interest in your wallet.
Borrowers draw from this pool, but they can't just take tokens and leave. Every loan is overcollateralized, meaning the borrower must deposit collateral worth more than the loan. If you want to borrow $1,000 in USDC, you might need to deposit $1,500 worth of ETH as collateral. The smart contract enforces this ratio automatically.
Interest rates aren't set by a committee. They're calculated algorithmically based on the utilization ratio of the pool: how much of the deposited assets are currently being borrowed. When utilization is low (lots of supply, few borrowers), rates are low. When utilization is high (most of the pool is lent out), rates spike to attract more depositors and discourage new borrowing. This mechanism keeps the pool balanced without any human intervention.
The critical dependency most users overlook is the oracle. The smart contract needs to know the current market price of the borrower's collateral at all times. If ETH drops in value and the borrower's loan-to-value ratio rises above the liquidation threshold (typically around 80-85%), the smart contract automatically sells enough collateral to cover the loan. This liquidation happens instantly, with no warning, and it's triggered entirely by the price the oracle reports. Understanding how oracles work and where they can fail is essential context for anyone lending or borrowing in DeFi.
Swapping: How a DEX Prices Your Trade
On a traditional stock exchange or a centralized crypto exchange, buyers and sellers place orders in an order book. A matching engine pairs buy orders with sell orders at agreeable prices. A decentralized exchange (DEX) like Uniswap works completely differently.
Instead of an order book, a DEX uses liquidity pools. A liquidity pool is a smart contract holding reserves of two tokens (say, ETH and USDC). Users called liquidity providers (LPs) deposit equal values of both tokens into the pool. In return, they earn a share of the trading fees generated when other users swap between those two tokens.
The price of a swap is determined by a mathematical formula, not by buy/sell orders. The most common formula is the constant product formula: x * y = k, where x and y are the quantities of the two tokens in the pool, and k is a constant. When you buy ETH from the pool, you add USDC and remove ETH. This changes the ratio, which changes the price. The more ETH you remove relative to the pool's total, the higher the price moves against you. This price impact is called slippage, and it's why large trades on small pools can get expensive fast.
No sign-up. No identity verification. No custody transfer. You connect your wallet, approve the contract to access your tokens, set your slippage tolerance (the maximum price movement you'll accept), and confirm the swap. The smart contract handles the rest. Gas fees are paid to the network for processing the transaction, and they fluctuate with network demand.
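The pricing rule and the slippage tolerance described above, worked through as an added example (not code from this article or from any DEX). The pool sizes, the `fee` parameter, and the 0.5% tolerance are assumptions chosen for illustration.

```python
# Added example: constant-product pool (x * y = k). All figures are constructed.

def swap_out(reserve_in, reserve_out, amount_in, fee=0.0):
    """Tokens paid out for amount_in while reserve_in * reserve_out stays at k.
    fee is an assumed parameter; the article gives no fee rate, so it defaults to 0."""
    if reserve_in <= 0 or reserve_out <= 0 or amount_in <= 0:
        raise ValueError("reserves and amount must be positive")
    k = reserve_in * reserve_out
    return reserve_out - k / (reserve_in + amount_in * (1.0 - fee))

def price_impact(reserve_in, reserve_out, amount_in):
    """Fraction by which the fill is worse than the pre-trade spot price."""
    at_spot = amount_in * reserve_out / reserve_in
    return 1.0 - swap_out(reserve_in, reserve_out, amount_in) / at_spot

def guarded_swap(reserve_in, reserve_out, amount_in, quoted_out, tolerance):
    """Fill only if the output is within `tolerance` of the quote the user saw.
    Returns the output amount, or None where a contract would revert."""
    out = swap_out(reserve_in, reserve_out, amount_in)
    return out if out >= quoted_out * (1.0 - tolerance) else None

# Constructed pool: 2,000,000 USDC and 1,000 ETH (spot price 2,000 USDC per ETH).
USDC, ETH = 2_000_000.0, 1_000.0

def demo():
    quote = swap_out(USDC, ETH, 20_000)        # what the wallet shows
    small = price_impact(USDC, ETH, 20_000)    # trade is about 1% of the pool
    large = price_impact(USDC, ETH, 200_000)   # trade is about 10% of the pool
    # Another 200,000 USDC trade executes first and moves the reserves.
    eth_taken = swap_out(USDC, ETH, 200_000)
    moved = (USDC + 200_000, ETH - eth_taken)
    filled = guarded_swap(USDC, ETH, 20_000, quote, 0.005)   # unchanged pool
    rejected = guarded_swap(*moved, 20_000, quote, 0.005)    # moved pool
    return quote, small, large, filled, rejected

if __name__ == "__main__":
    quote, small, large, filled, rejected = demo()
    print(f"quote {quote:.4f} ETH, impact {small:.2%} vs {large:.2%}")
    print("unchanged pool:", filled, "| moved pool:", rejected)
```

The same 20,000 USDC order fills at the quote on the unchanged pool and is refused once the reserves have moved, which is what the tolerance setting exists to enforce.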
Staking and Liquidity Provision: Two Different Risk Profiles
These two activities often get lumped together, but they carry fundamentally different risk profiles. Understanding the distinction matters because one exposes you to impermanent loss and the other doesn't.
Staking means locking your tokens to help secure a proof-of-stake blockchain network. When you stake ETH on Ethereum, for example, you're contributing to the network's validator set. In return, you earn staking rewards (currently around 3-4% annually for ETH). Liquid staking protocols like Lido let you stake while receiving a liquid token (stETH) that represents your staked position and can be used elsewhere in DeFi. Staking does not expose you to impermanent loss because you're holding a single asset, not a pair.
Liquidity provision means depositing a pair of tokens into a DEX pool so others can trade against them. You earn a share of trading fees, which can be attractive. But you're exposed to a risk that staking doesn't carry: impermanent loss. This is the single most important risk to understand before providing liquidity, and it deserves its own explanation.
The Risks That Actually Matter
DeFi's openness and automation come with risks that don't exist in traditional finance. Five risks deserve mechanism-level understanding, not just warning labels.
[Figure: Where the $95 billion sits: DeFi TVL by category (early 2026). Sources: DefiLlama (approximate category shares, March 2026)]
Smart Contract Risk
Every DeFi protocol is a smart contract, and smart contracts are immutable. If the code contains a bug, it can't be patched after deployment. The OWASP Smart Contract Security Project documented roughly $905 million in losses across 122 smart contract incidents in 2025. Access control vulnerabilities (where unauthorized users trigger functions they shouldn't have access to) were the single largest category. The protocols that were exploited weren't all small or unaudited. Some had undergone multiple security reviews. An audit reduces risk. It doesn't eliminate it.
Impermanent Loss
This is the risk most DeFi content skips or handles in a single sentence. It deserves more, because it's the primary way that liquidity providers lose money.
When you deposit two tokens into a DEX liquidity pool, the AMM constantly rebalances the ratio to keep the pool functional. If the price of one token rises significantly, arbitrage traders buy the cheaper token from the pool (restoring it to market price), which means the pool ends up holding more of the token that decreased in relative value and less of the token that increased. When you withdraw, you get back a different ratio of tokens than you deposited. The net value of your position is less than if you had simply held the original tokens in your wallet.
The math is predictable. If the price of one token doubles relative to the other, the impermanent loss is approximately 5.7%. If the price moves 5x, the loss grows to roughly 25.5%. The loss is called "impermanent" because it reverses if prices return to their original ratio before you withdraw. In practice, prices rarely return to exactly where they started, which means the loss often becomes permanent when you exit your position.
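The 5.7% and 25.5% figures can be reproduced from the pool reserves themselves. This added example (not from the original article) assumes a constant-product pool, ignores trading fees, and uses a constructed deposit of 1 ETH and 2,000 USDC.

```python
# Added example: impermanent loss derived from x * y = k, fees excluded.
import math

def lp_vs_hold(x0, y0, price_ratio):
    """Deposit x0 of token X and y0 of token Y (Y is the unit of account).
    The market price of X then changes by `price_ratio`, and arbitrage moves
    the pool until its own price y/x matches. Returns the provider's new
    reserves, both position values in Y, and the loss relative to holding."""
    if x0 <= 0 or y0 <= 0 or price_ratio <= 0:
        raise ValueError("inputs must be positive")
    k = x0 * y0
    p1 = (y0 / x0) * price_ratio      # new market price of X in Y
    x1 = math.sqrt(k / p1)            # reserves with x1 * y1 == k
    y1 = math.sqrt(k * p1)            # and y1 / x1 == p1
    lp_value = x1 * p1 + y1
    hold_value = x0 * p1 + y0
    return {"x": x1, "y": y1, "lp": lp_value, "hold": hold_value,
            "loss": 1.0 - lp_value / hold_value}

def fees_to_break_even(x0, y0, price_ratio):
    """Fee income (in Y) the position must earn to match simply holding."""
    r = lp_vs_hold(x0, y0, price_ratio)
    return r["hold"] - r["lp"]

if __name__ == "__main__":
    # Constructed deposit: 1 ETH + 2,000 USDC at 2,000 USDC per ETH.
    for ratio in (0.5, 1.0, 2.0, 5.0):
        r = lp_vs_hold(1.0, 2_000.0, ratio)
        print(f"price x{ratio}: pool holds {r['x']:.4f} ETH + {r['y']:.2f} USDC, "
              f"worth {r['lp']:.2f} vs {r['hold']:.2f} held "
              f"(loss {r['loss']:.2%}, break-even fees "
              f"{fees_to_break_even(1.0, 2_000.0, ratio):.2f})")
```

A halving of the price produces the same percentage loss as a doubling, and in both directions the position ends up holding more of whichever token lost relative value.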
Research by Bancor and IntoTheBlock found that over 51% of Uniswap V3 liquidity providers were unprofitable, with impermanent loss exceeding their earned trading fees. (Source: Bancor / IntoTheBlock LP Profitability Study)
This doesn't mean liquidity provision is always a losing strategy. High-volume pools with stablecoin pairs (USDC/USDT, for example) experience minimal price divergence and generate consistent fee income. Pools with volatile token pairs can also be profitable if trading volume is high enough that fees outpace the impermanent loss. But the data is clear: providing liquidity without understanding this mechanism is one of the most common crypto mistakes intermediate users make. It looks like passive income. It can be a net loss.
Oracle Dependency
Every DeFi lending protocol depends on an oracle to tell it the current price of collateral assets. If the oracle delivers a stale or manipulated price, the protocol acts on that wrong data with the same automatic certainty it applies to correct data. Collateral can be liquidated unfairly if the reported price is too low. Borrowers can take out under-collateralized loans if the reported price is too high. We covered the mechanism, the real exploit data, and the Mango Markets case study in our oracle explainer. The short version: oracle reliability isn't an abstract infrastructure concern. It directly determines whether your lending position is safe.
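The liquidation rule from the lending section and the oracle dependency described here, combined in one added example (not code from this article or from any lending protocol). The `max_age` freshness bound, the 0.80 threshold, the 2,000 USD market price, and the timestamps are assumptions.

```python
# Added example: how the reported price alone decides a liquidation.
from dataclasses import dataclass

@dataclass
class PriceReport:
    price: float      # USD per unit of collateral, as reported by the oracle
    updated_at: int   # unix time of the oracle's last update

def liquidation_price(debt_usd, collateral_units, liq_ltv):
    """Collateral price at which loan-to-value reaches the threshold."""
    return debt_usd / (collateral_units * liq_ltv)

def max_borrow(collateral_units, price, max_ltv):
    """Largest loan that would be opened against this collateral."""
    return collateral_units * price * max_ltv

def evaluate(debt_usd, collateral_units, report, now, liq_ltv=0.80, max_age=3600):
    """Return 'invalid', 'stale', 'liquidate' or 'healthy'.
    liq_ltv=0.80 sits in the article's 80-85% range; max_age is an assumed bound."""
    if report.price <= 0:
        return "invalid"
    if now - report.updated_at > max_age:
        return "stale"            # refuse to act on an old price
    ltv = debt_usd / (collateral_units * report.price)
    return "liquidate" if ltv >= liq_ltv else "healthy"

# Constructed position matching the article: 1,000 USDC borrowed against
# 1,500 USD of ETH (0.75 ETH at an assumed market price of 2,000 USD).
DEBT, UNITS, NOW = 1_000.0, 0.75, 1_800_000_000

def scenarios():
    return {
        "correct": evaluate(DEBT, UNITS, PriceReport(2_000.0, NOW - 60), NOW),
        "too_low": evaluate(DEBT, UNITS, PriceReport(1_600.0, NOW - 60), NOW),
        "stale":   evaluate(DEBT, UNITS, PriceReport(1_600.0, NOW - 7_200), NOW),
    }

if __name__ == "__main__":
    print("liquidation price:", round(liquidation_price(DEBT, UNITS, 0.80), 2))
    print(scenarios())
    # A report that is too high lets the same collateral back a larger loan.
    print("borrow limit at 2,000:", max_borrow(UNITS, 2_000.0, 2 / 3))
    print("borrow limit at 3,000:", max_borrow(UNITS, 3_000.0, 2 / 3))
```

With the market at 2,000 USD the position is healthy, yet a fresh report of 1,600 USD liquidates it, while the same wrong price delivered two hours late is rejected by the freshness check.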
Token Approvals
Before a DeFi smart contract can move tokens from your wallet, you must grant it permission. Many protocols request unlimited approvals by default, meaning the contract can access your entire balance of that token indefinitely. If the contract is later exploited, or if you approved a malicious contract by mistake, an attacker can drain your tokens without any further action from you. Setting custom approval amounts and periodically revoking old approvals using tools like Revoke.cash are basic hygiene practices. For a deeper look at protecting your wallet from approval-based attacks, see our wallet security guide.
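One way to review approvals from a wallet's own history, as an added example (not from the original article and not Revoke.cash's code). It reads ERC-20 `Approval` event logs in the shape an `eth_getLogs` call returns; every address and log entry below is constructed.

```python
# Added example: list a wallet's outstanding ERC-20 approvals from event logs.
# keccak256("Approval(address,address,uint256)"), the ERC-20 event signature.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1   # the value wallets display as "unlimited"

def topic_to_address(topic):
    return "0x" + topic[-40:].lower()   # an address is the low 20 bytes

def outstanding_approvals(logs, owner):
    """Last value approved per (token, spender) for `owner`; logs oldest first.
    This is the amount last set, not what remains after spending; the token's
    allowance(owner, spender) call is the authoritative figure."""
    latest = {}
    for log in logs:
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but has four topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}   # value 0 means revoked

def unlimited(approvals):
    return sorted(k for k, v in approvals.items() if v == MAX_UINT256)

# --- constructed sample data (placeholder addresses, not real contracts) ---
OWNER, OTHER, TOKEN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "aa" * 20
SPENDER_B, SPENDER_C, SPENDER_E = ("0x" + c * 20 for c in ("bb", "cc", "ee"))

def _log(owner, spender, value, extra_topic=None):
    topics = [APPROVAL_TOPIC] + ["0x" + "0" * 24 + a[2:] for a in (owner, spender)]
    if extra_topic:   # indexed tokenId, as in an ERC-721 Approval
        return {"address": TOKEN, "topics": topics + [extra_topic], "data": "0x"}
    return {"address": TOKEN, "topics": topics, "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    _log(OWNER, SPENDER_B, MAX_UINT256),            # unlimited, never revoked
    _log(OWNER, SPENDER_C, MAX_UINT256),            # unlimited ...
    _log(OWNER, SPENDER_E, 500),                    # custom amount
    _log(OTHER, SPENDER_B, MAX_UINT256),            # someone else's approval
    _log(OWNER, SPENDER_C, 0),                      # ... later revoked
    _log(OWNER, SPENDER_B, 0, "0x" + "0" * 63 + "7"),  # ERC-721, ignored
]

if __name__ == "__main__":
    live = outstanding_approvals(SAMPLE_LOGS, OWNER)
    print(len(live), "outstanding; unlimited:", unlimited(live))
```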
Regulatory Uncertainty
DeFi's legal status varies by jurisdiction and is evolving rapidly. Some countries are developing frameworks for DeFi regulation. Others have restricted or banned certain activities. The U.S. passed the GENIUS Act in 2025, establishing the first clear regulatory framework for fiat-backed stablecoins, but broader DeFi regulation remains unsettled. The practical implication: the regulatory environment you operate in today may change, and protocols that are accessible now may not be in the future. This isn't a reason to avoid DeFi, but it is a reason to stay informed about the regulatory landscape in your jurisdiction.
[Figure: Before you use DeFi: a readiness checklist]
The Connected Understanding
DeFi is not a standalone system. It's the application layer built on two foundations: smart contracts that execute the logic, and oracles that deliver the data. Every DeFi risk traces back to one of these layers. Smart contract bugs mean the logic is wrong. Oracle failures mean the data is wrong. Impermanent loss is a consequence of the AMM logic working exactly as designed. Token approvals are a feature of how smart contracts request permissions. Understanding DeFi without understanding those foundations is like understanding a building without understanding its structure. You can use it, but you can't evaluate whether it's safe.
The Complete Picture
This post is the third and final in a series. The first covered how smart contracts work: the execution layer that runs DeFi's logic. The second covered how oracles work: the data layer that feeds smart contracts the real-world information they need. This post brought both layers together to show what DeFi actually does with them, and where the real risks concentrate.
The three posts form a stack. Smart contracts are the engine. Oracles are the fuel line. DeFi is the vehicle. You can drive a vehicle without understanding its engine, but you can't evaluate whether it's safe, diagnose what went wrong when it breaks, or make informed decisions about which vehicles to trust. That evaluation skill is the difference between participating in DeFi and understanding DeFi. If you want to continue building this foundation, the DeFi terminology in the Blockready glossary covers over 700 terms, and the full 13-module curriculum covers DeFi mechanics, security, regulation, and market structure in structured depth.