Open any DeFi app for the first time and you will be asked to do three things in quick succession: connect a wallet, pay a gas fee, and approve a token. Most new users click through all three without really knowing what they just agreed to. That is exactly how people lose money — not to exotic exploits, but to ordinary transactions they never learned to read.
These three concepts are the alphabet of decentralized finance. Every swap, every deposit, every yield strategy is built on top of them. Get them right and the rest of DeFi becomes legible. Get them wrong and even a safe protocol can drain your funds.
Your wallet is a signing device, not an account
A DeFi wallet is not like a bank account. There is no customer service desk, no username and password, no "forgot my credentials" button. What you actually hold is a pair of cryptographic keys — a public address that receives funds and a private key that authorizes everything you do. If you want the full picture of how that math works, the primer on public keys and private keys walks through it step by step.
When you "connect a wallet" to a DeFi app, you are not logging in. You are handing the app a window through which it can ask you to sign messages. The app never sees your private key. It proposes a transaction, your wallet displays it, and you decide whether to sign. That distinction matters because it means the wallet — not the app — is your last line of defense.
Most wallets come in two flavors: software wallets that live on your phone or browser, and hardware wallets that keep keys on a dedicated device. Both types derive their keys from a seed phrase, which is the real master credential. Lose the seed phrase and you lose the funds; leak it and someone else spends them. No protocol, exchange, or support agent can reverse either outcome.
Gas: paying the network to execute your request
Every action you take on a blockchain — sending a token, swapping, staking — is a computation that thousands of nodes must run and agree on. Gas is the fee you pay to compensate whoever produces the block that includes your transaction. It is not a fee paid to the app you are using; it goes to the network itself.
Gas costs scale with two things: how complex your transaction is, and how busy the network is right now. A simple transfer is cheap. A transaction that routes through three pools, claims rewards, and re-deposits into a vault is far more expensive because it executes more instructions. When a popular mint or a market panic floods the network, the price per unit of computation spikes, and the same transaction that cost cents yesterday can cost tens of dollars today.
This is why Layer 2 networks matter so much for ordinary users. The same swap that costs tens of dollars on Ethereum mainnet during congestion might cost less than fifty cents on an L2 like Arbitrum, Base, or Optimism. The underlying logic is identical — the L2 batches many transactions and settles them cheaply back to Ethereum — but the user experience is an order of magnitude more forgiving. For beginners, doing your first swaps on an L2 is not just cheaper; it makes mistakes less painful to learn from.
One hard rule: you always pay gas in the network's native token. On Ethereum and its L2s, that is ETH. If you bridge USDC to an L2 but forget to bring a small amount of ETH, you will not be able to move anything — including the USDC itself. Always keep a small gas reserve on every chain you use.
Token approvals: the most misunderstood signature in DeFi
Here is where most users get hurt, so read this section twice. On Ethereum and its L2s, tokens are not stored by the protocols that use them. Your USDC sits in your wallet. When a DEX like Uniswap wants to swap your USDC for ETH, it cannot just reach in and take it — that would violate the entire security model. Instead, you have to sign a separate transaction first, called an approval, granting the protocol's smart contract permission to move a specified amount of that token on your behalf.
Approvals are a two-step dance: approve, then transact. The first time you interact with a new token on a new protocol, you will pay gas twice — once to approve, once to swap or deposit. Every subsequent interaction with that same token and protocol only costs one transaction, because the approval is already on file.
The problem is what wallets quietly do by default. To save you from paying gas for approvals over and over, most wallets pre-fill the approval amount to "unlimited" — a value so large it effectively means the contract can move every token of that type you will ever own, forever, until you explicitly revoke it. For a battle-tested contract, this is a reasonable convenience. For a random contract you encountered via a link in a social feed, it is a blank-signed cheque handed to a stranger.
This is how many of the largest personal DeFi losses happen. The victim does not get their seed phrase stolen. They sign an unlimited approval to a malicious contract disguised as an airdrop claim, an NFT mint, or a "wallet verification" page. The contract immediately uses that approval to drain every approved token out of the wallet. The signature was real, the user authorized it, and nothing on-chain can undo it. Good habits, which you can reinforce with the broader guide to crypto safety and scam avoidance, prevent most of these disasters.
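The approve/transferFrom mechanics described above, as an added example that is not part of the original article: a minimal in-memory model of the ERC-20 balance and allowance rules. Account names, balances and the "dex"/"drainer" spender names are constructed sample values (assumptions for illustration), and the ledger class is a teaching stand-in, not any real token contract. The second scenario shows why the article's warning about unlimited approvals holds: once an allowance of 2^256-1 is on file, the spender can move the owner's whole balance without any further signature, and only an explicit revoke (an approval of zero) closes it.

```javascript
// Added example (not from the original article): an in-memory model of the
// ERC-20 allowance rules that token approvals rely on. All addresses and
// balances are constructed sample values, not real accounts.
const MAX_UINT256 = (1n << 256n) - 1n; // what wallets mean by "unlimited"

class Erc20Ledger {
  constructor(initialBalances) {
    this.balances = new Map(Object.entries(initialBalances).map(([a, v]) => [a, BigInt(v)]));
    this.allowances = new Map(); // key: `${owner}:${spender}` -> BigInt
  }
  balanceOf(addr) { return this.balances.get(addr) ?? 0n; }
  allowance(owner, spender) { return this.allowances.get(`${owner}:${spender}`) ?? 0n; }

  // approve(spender, amount): signed by the owner; moves no tokens, only sets permission.
  approve(owner, spender, amount) {
    this.allowances.set(`${owner}:${spender}`, BigInt(amount));
  }

  // transferFrom: called by the spender (the protocol contract), not by the owner.
  // Succeeds only if the owner's allowance for this spender covers the amount.
  transferFrom(spender, from, to, amount) {
    amount = BigInt(amount);
    const allowed = this.allowance(from, spender);
    if (allowed < amount) throw new Error("ERC20: insufficient allowance");
    if (this.balanceOf(from) < amount) throw new Error("ERC20: transfer amount exceeds balance");
    // A MAX_UINT256 allowance is conventionally treated as infinite and never decremented.
    if (allowed !== MAX_UINT256) this.allowances.set(`${from}:${spender}`, allowed - amount);
    this.balances.set(from, this.balanceOf(from) - amount);
    this.balances.set(to, this.balanceOf(to) + amount);
  }

  // revoke: the only way to close an approval is to set its allowance back to zero.
  revoke(owner, spender) { this.approve(owner, spender, 0n); }
}

// Scenario 1: a tight approval lets the spender move at most what was approved.
function tightApprovalScenario() {
  const usdc = new Erc20Ledger({ alice: 1000n });
  usdc.approve("alice", "dex", 100n);
  usdc.transferFrom("dex", "alice", "dexPool", 100n); // the swap the user intended
  let secondPullFailed = false;
  try { usdc.transferFrom("dex", "alice", "dexPool", 1n); } catch { secondPullFailed = true; }
  return { aliceBalance: usdc.balanceOf("alice"), secondPullFailed };
}

// Scenario 2: an unlimited approval to a hostile spender lets it empty the balance in a
// transaction the owner never signs; the allowance stays at MAX until explicitly revoked.
function unlimitedApprovalScenario() {
  const usdc = new Erc20Ledger({ alice: 1000n });
  usdc.approve("alice", "drainer", MAX_UINT256);
  usdc.transferFrom("drainer", "alice", "attacker", usdc.balanceOf("alice"));
  const drained = usdc.balanceOf("alice") === 0n;
  const remainingAllowance = usdc.allowance("alice", "drainer"); // still MAX_UINT256
  usdc.revoke("alice", "drainer");
  return { drained, remainingAllowance, afterRevoke: usdc.allowance("alice", "drainer") };
}

console.log(tightApprovalScenario(), unlimitedApprovalScenario());
```

The point to notice is that `transferFrom` is executed by the spender, not by the owner: the owner's only signature was the earlier `approve`, which is exactly why an approval deserves more scrutiny than a transfer of the same size.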
Risks to understand before you participate
Even when every contract you touch is honest, the primitives above carry risks you should internalize.
- Approval blast radius. An unlimited approval persists until revoked, even if you stop using the protocol. Audit your active approvals regularly using a tool like Revoke.cash or your wallet's built-in permissions view, and revoke anything you no longer need.
- Signing blind. Wallets show you what you are about to sign, but most users do not read it. Learn to recognize the difference between a simple transfer, an approval, and a more complex signature like Permit2 or an off-chain message — the last two can also authorize token movement without a visible on-chain approval.
- Gas token exhaustion. Running out of ETH on an L2 while holding stuck positions is a common beginner trap. Keep a buffer.
- Phishing sites that mimic real apps. The URL is the ground truth. Bookmark the real one.
- Custody confusion. If your assets are on a centralized exchange, none of the above applies — because you do not actually hold them. For why that distinction matters, see not your keys, not your coins.
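For the "signing blind" and "approval blast radius" risks above, here is an added example (not code from the original article or any wallet) of the check a careful signer can run on a pending transaction's calldata before confirming it: identify whether it is a plain ERC-20 `transfer` or an `approve`, and flag an approval whose amount is the unlimited value. The three selectors are the standard ERC-20 ones; the spender address and amounts in the sample transactions are constructed placeholders, and a 6-decimal token is assumed. Permit2 and off-chain signed messages, which the article notes can also authorize token movement, are not decoded here and are reported as "unknown" so they get looked at rather than waved through.

```javascript
// Added example (not from the article): decode ERC-20 calldata so the signer can see
// what a pending transaction actually does. Sample transactions are constructed.
const MAX_UINT256 = (1n << 256n) - 1n;

// Standard ERC-20 4-byte selectors (first 4 bytes of keccak256 of the signature).
const SELECTORS = {
  "0xa9059cbb": { name: "transfer", params: ["address", "uint256"] },
  "0x095ea7b3": { name: "approve", params: ["address", "uint256"] },
  "0x23b872dd": { name: "transferFrom", params: ["address", "address", "uint256"] },
};

// Each ABI-encoded static argument occupies one 32-byte (64 hex char) word.
function decodeWord(hex, type) {
  if (type === "address") return "0x" + hex.slice(24); // address is right-aligned in the word
  if (type === "uint256") return BigInt("0x" + hex);
  throw new Error(`unsupported type ${type}`);
}

function decodeErc20Call(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  const selector = "0x" + hex.slice(0, 8);
  const sig = SELECTORS[selector];
  if (!sig) return { name: "unknown", selector };
  const body = hex.slice(8);
  if (body.length !== 64 * sig.params.length) throw new Error("calldata length mismatch");
  const args = sig.params.map((t, i) => decodeWord(body.slice(i * 64, (i + 1) * 64), t));
  return { name: sig.name, args };
}

function formatUnits(amount, decimals) {
  const s = amount.toString().padStart(decimals + 1, "0");
  return `${s.slice(0, -decimals)}.${s.slice(-decimals)}`;
}

// Classify a pending transaction the way a careful signer should before confirming it.
function assessTransaction(tx, tokenDecimals = 6) {
  const call = decodeErc20Call(tx.data);
  if (call.name === "approve") {
    const [spender, amount] = call.args;
    const unlimited = amount === MAX_UINT256;
    return {
      kind: "approval",
      spender,
      unlimited,
      humanAmount: unlimited ? "unlimited" : formatUnits(amount, tokenDecimals),
      warning: unlimited
        ? "spender may move every token of this type you ever hold until you revoke"
        : null,
    };
  }
  if (call.name === "transfer") {
    const [to, amount] = call.args;
    return { kind: "transfer", to, humanAmount: formatUnits(amount, tokenDecimals), warning: null };
  }
  return { kind: call.name, warning: "not a plain ERC-20 transfer or approval; inspect before signing" };
}

// Helpers to build constructed sample calldata (assumed values, not real transactions).
function encodeWord(value) {
  const hex = typeof value === "string" ? value.replace(/^0x/, "") : value.toString(16);
  return hex.padStart(64, "0");
}
const SAMPLE_SPENDER = "0x" + "ab".repeat(20); // constructed placeholder address
const SAMPLE_TXS = {
  unlimitedApprove: { data: "0x095ea7b3" + encodeWord(SAMPLE_SPENDER) + encodeWord(MAX_UINT256) },
  tightApprove: { data: "0x095ea7b3" + encodeWord(SAMPLE_SPENDER) + encodeWord(100_000_000n) }, // 100 tokens
  transfer: { data: "0xa9059cbb" + encodeWord(SAMPLE_SPENDER) + encodeWord(2_500_000n) }, // 2.5 tokens
};

for (const [label, tx] of Object.entries(SAMPLE_TXS)) console.log(label, assessTransaction(tx));
```

Run against the three samples, the unlimited approval is the only one that carries a warning, which is the habit the list above is asking for: treat an approval as a standing permission, and an unlimited one as a permission you will have to remember to revoke.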
Key takeaways
- Your wallet signs transactions; it does not log you in. The private key, protected by a seed phrase, is the only real credential.
- Gas pays the network, not the app. Costs scale with complexity and congestion, and L2s exist to make everyday DeFi affordable.
- Token approvals are separate from transfers. Unlimited approvals are a convenience that can become a catastrophe if signed to a malicious contract.
- Every on-chain action is final. Read what you are signing, keep approvals tight, and revoke old ones.
- Cheap chains are the right place to learn. A mistake that costs fifty cents teaches the same lesson as one that costs fifty dollars.