Defi, or decentralized finance, refers to financial activities (sending, trading, lending, borrowing, etc.) that take place purely on blockchains. The opposite of Defi is Tradfi (traditional finance), where those same activities occur within centralized entities (think Coinbase, Robinhood, Wells Fargo, Chase and any other entity that holds your money for you).
Defi helps cut out the middlemen (and their associated costs) that exist in centralized entities, makes it easier to custody and control your own assets, and makes financial assets easier to send and trade.
Transactions within Defi are irreversible. No one is running Defi protocols; they are simply code. Therefore, if a transaction is made by mistake, there is no help desk to call to help you reverse it.
For some this is a feature - it means that centralized entities can't block you from participating in any financial activity. But it does cause problems if you did something by mistake.
To mitigate this risk, it's suggested that you do test transactions when sending large amounts of money and make sure the protocol you're using is reputable.
Defi protocols are just computer programs. Software is written by humans and therefore comes with two risks: bugs and hacks.
Bugs are unintended functionality in software that arises when code wasn't written correctly. They can cause unexpected behavior and, in the case of Defi, loss of funds. See example in this link.
Hacks are when someone takes advantage of how a program was written to get access to data or control they weren't supposed to be able to access. In Defi this also leads to loss of funds. See example in this link.
The best way to mitigate software risks is to use reputable wallets and protocols. For example, you can check whether a protocol has been audited, how much money it currently holds, and how long it has been operating. Generally speaking, a protocol that has been around longer and holds more money is less likely to have a hack.
Scams occur in all forms of finance, but because of the newness of crypto in general, there is a relatively larger number of scams.
Scams in crypto most often take three shapes:
1. Copycats of prominent protocols and wallets seeking your wallet keys.
2. Phishing messages through email, Twitter, Telegram, Discord, etc., also seeking your wallet keys.
3. Protocols or coins launched to bring in users and then take their funds and run.
You can mostly avoid types #1 and #2 by remembering one rule: other than your wallet, no protocol, app, or person should ever ask for your wallet secret phrase. If anyone asks for your secret phrase or tries to give you theirs, they are trying to scam you.
To avoid #3, avoid investing in extremely early protocols or coins unless you're very familiar with the project and the founders.
Regulation still hasn't caught up with crypto. It is possible that some types of crypto and crypto protocols could be deemed illegal in the U.S., depending on how different coins and protocols are defined by U.S. regulators.
The best approach to mitigating this risk is keeping tabs on crypto regulation.