DeFi runs finance on public blockchains

DeFi uses smart contracts on public blockchains to offer lending, trading, and yield without banks or brokers.

Decentralized finance, or DeFi, now moves real money through software instead of bank accounts. The sector hit more than $180 billion in total value locked in 2021, then fell below $40 billion by 2023, which tells you how fast this market can inflate and unwind.

DeFi replaces middlemen with code

At its core, DeFi is a stack of financial apps built on blockchains such as Ethereum. Instead of routing trades, loans, and interest payments through a bank or broker, users interact with smart contracts that execute rules automatically.

That design changes who controls the product. A lending app can accept collateral, set interest rates, and liquidate risky positions without a human desk in the middle. A trading app can match buyers and sellers through code. A savings app can route deposits into pools that pay variable returns.

The basic promise is access. Anyone with a wallet and an internet connection can use these systems, which is why DeFi has drawn attention in countries where banking access is limited or expensive. The tradeoff is that users also inherit the risks of the code itself, plus the volatility of crypto assets.

• Loans are often overcollateralized, so users deposit more value than they borrow.
• Interest rates can move quickly because they follow supply and demand in the pool.
• Smart contract bugs can freeze funds or let attackers drain them.
• Price swings can trigger liquidations even when the protocol is working as designed.

MakerDAO, Compound, and the yield boom

The first big DeFi wave came from lending and stablecoins. MakerDAO launched in 2017 and let users borrow DAI, a dollar-pegged token created by smart contracts. In September 2024, MakerDAO rebranded as Sky, and DAI became USDS.

Then Compound Finance made lending feel more like a market. In June 2020, it began rewarding lenders and borrowers with COMP, its governance token. That kicked off a rush of “yield farming,” where users moved capital from pool to pool chasing interest, fees, and token rewards.

“The most important thing to understand about DeFi is that it’s about trust minimization, not trust elimination.” — Vitalik Buterin

But that rush also exposed the sector’s weakest points. DeFi apps can promise high returns, yet they depend on code quality, price feeds, and liquidity that can vanish during stress. The same mechanics that make them efficient also make them brittle when markets turn.

A few numbers make the boom-and-bust cycle easy to see:

• Compound’s COMP rewards helped turn lending into a speculative strategy in 2020.
• Bloomberg reported in September 2020 that DeFi accounted for two-thirds of crypto market price changes.
• DeFi collateral reached $178 billion in November 2021.
• That figure dropped to under $40 billion by 2023 after the broader crypto downturn.

Security failures and fake decentralization

DeFi’s biggest problem is not just volatility. It is code risk. Wikipedia’s summary of the field is blunt: coding errors and hacks are common. Flash loans, which let users borrow large sums and repay them in a single transaction, made that risk worse because attackers could borrow capital, distort prices, and exploit a protocol before the transaction ended.

Aave helped popularize flash loans, and they became a favorite tool for attackers trying to manipulate markets. The lesson is simple: when settlement is automated and fast, a bug can become an exploit in minutes.

There is also a deeper governance problem. Some projects claim to be decentralized while keeping key controls in a small group of hands. That creates what DeFi researchers and regulators call false decentralization. If a protocol can be changed by a tiny insider set, it may be treated like a financial intermediary anyway.

That matters because the label changes the legal and technical risk profile. A truly decentralized protocol can act more like neutral infrastructure. A half-decentralized one can still be vulnerable to manipulation, admin-key abuse, or regulatory pressure aimed at a central operator.

• Flash loans can be used for arbitrage, but also for price manipulation.
• Admin keys can rescue a protocol, then become a single point of failure.
• Oracles can feed bad prices into otherwise correct contracts.
• Cross-chain bridges can widen access while adding more attack surface.

Regulation is forcing DeFi to adapt

By 2024, regulation had become impossible to ignore. The European Union’s MiCA framework began shaping stablecoin issuers and custodial services, and many DeFi teams started adding off-chain compliance layers. That does not make the systems traditional finance, but it does mean pure permissionlessness is getting harder to maintain at scale.

Projects are responding in practical ways. Some are building hybrid models that keep the settlement layer on-chain while moving identity checks, risk scoring, or user screening off-chain. Others are adding decentralized identity tools such as Worldcoin and Polygon ID to support lightweight KYC or on-chain credit scoring.

Interoperability is improving too. Wormhole and