Deep Dive into Bitcoin: Answers to the Questions You Rarely Ask
How to hack Bitcoin? How does the blockchain calculate time? How does mining difficulty change? What happens if two miners mine a block simultaneously? Where are transactions stored before confirmation, how are fees calculated, and is it possible to send a transaction with zero fee? What types of nodes exist in the blockchain, and how do they differ? When can you use mining rewards?

Here I provide deeper answers to these questions because popular materials about Bitcoin either don’t explain these things at all or do so very superficially. To understand this article, you need a minimal understanding of how blockchain works, which you can get here: https://vas3k.com/blog/blockchain/
TL;DR
- How to hack Bitcoin?
A quantum computer will only be able to derive a private key from a public key after a transaction has been sent. If no transaction has occurred, the wallet is protected.
A 51% attack only provides the ability to cancel your own or others’ transactions to double-spend your own coins; gaining control over others’ coins is impossible.
- How does mining difficulty change?
Difficulty is recalculated every ~2 weeks based on the mining time of the previous two weeks.
- What happens if two miners mine a block at the same time?
The chain temporarily splits until one branch becomes longer. The longer branch becomes the main one.
- When can mining rewards be used?
After 100 blocks.
- How does the blockchain calculate time?
Based on the median time of the past 11 blocks and the system time of the nodes.
- Where are transactions stored before confirmation, how is the fee calculated, and can you send without one?
They’re stored on nodes for no more than two weeks. A zero-fee transaction is theoretically possible but practically almost impossible to get confirmed.
- What nodes are in the blockchain and how do they differ?
Full nodes — hold the blockchain data and enforce the rules.
Miners — query full nodes for data and build new blocks.
Light nodes — often used in wallets on weak devices; they query full nodes for what they need.
What’s the point of Bitcoin (besides speculation), in plain English

Bitcoin is an alternative financial system that does not require user trust. When using traditional banks, we must trust them not to steal or lose our money, and if that happens, we must trust the state to be able to return it. We also have to hope that money won’t be blocked at the whim of authorities or bank employees.
The point of Bitcoin is the opposite: everything is tied to strict mathematics that removes (or drastically reduces) the probability of all these potential problems, provided you store Bitcoin in a personal non-custodial wallet.
Non-custodial wallet: A wallet controlled only by whoever has the private key; essentially just a small file/program that stores keys and signs transactions.
Custodial wallet: An account on an exchange that controls your assets and stores your funds in its own non-custodial wallets. This allows the exchange to block or seize your funds if you violate its rules or national laws, though the exchange offers more convenient and expanded functionality in return.
Interesting fact: A Bitcoin wallet is not an object inside the blockchain, but a program that stores keys and signs transactions.
The blockchain stores UTXOs (Unspent Transaction Outputs). Each UTXO is “locked” by a condition (program), usually tied to an address (practically, a hash of a public key).
To spend a UTXO, the wallet creates a transaction referencing that UTXO as an input and adds a signature. Network nodes verify the signature and the script’s execution. As a result, the old UTXO becomes spent, and the transaction creates new outputs — new UTXOs for the recipients.
A private key is a number. A public key can be calculated if you have the private key, but the reverse is practically impossible (how that’s attacked is discussed later in the “attacks” section). Using a private key, you can sign data, but this signature cannot be forged with a public key. Meanwhile, the public key can verify that the signature was produced by the corresponding private key.

In early versions, the wallet address was the public key. But later, addresses derived as a hash/encoding of the key or script began to be used. This is a crucial point for the section on quantum computer attacks.
Once a transaction is signed, it must be embedded in a block. First, it goes into a general pool of unconfirmed transactions (mempool), where any miner can take it to create a block.
But a transaction can exist only once in the blockchain, so the network can’t allow every miner to create their own block with the same set of transactions and have them all accepted.
Block Header
Each block has a header containing version data, the previous block’s hash, the merkle root (hash of all transactions in the current block), time, bits (mining difficulty), and a nonce.
Here’s an example (block 900K)
• version: 0x20aba000
• previous block hash: 0000000000000000000196400396be46d0816dc462df4c3450972f589f4d7d24
• merkle root: 0cfb54e522b07bd1a381adc774ec1851590ef4c3add83958135106534569f970
• time (unix): 1749188499 _(2025–06–06 06:41:39 UTC)_
• bits (nBits): 0x17023774
• nonce: 0x925fd07a
All of these fields are combined and then hashed via SHA-256.
SHA-256 is a hashing technology: take some data and turn it into a different set of numbers that you can’t convert back into the original data if you only know the hash. But you _can_ verify it, because for a fixed input X the result is always the same output Y. So knowing X gives you Y; knowing Y does not practically give you X back — even with a quantum computer.
You can try hashing any data here.
SHA-256 is also one of the core tools in the HTTPS connections we use every day, and it plays a key role in hundreds of internet protocols.
The nonce is needed to find out whose block to record. Miners change the nonce so the header’s hash is less than the target. In our example, the hash has 19 zeros.
Finding such a hash is hard. It takes roughly ~10 minutes of the entire Bitcoin network’s mining power. Blocks should appear roughly every 10 minutes — that’s how Satoshi Nakamoto designed it.
Why exactly this many zeros, and how does mining difficulty change?

It’s not actually about the zeros, but about the **target**. The target determines mining difficulty: the smaller the target, the higher the difficulty. A valid block header hash must be ≤ the target. Because small target numbers in hexadecimal start with zeros, hashes often appear with many leading zeros (e.g., ~19 or more). The smaller the target, the rarer it is for a random hash to land below it, so mining becomes harder.
Difficulty Calculation Hack: If the difficulty increases by 16 times, the required threshold becomes 16 times lower, often resulting in one additional leading hex-zero.
Difficulty adjustments (retarget) occur every 2016 blocks (roughly 2 weeks, 1 block ~10 minutes). The blockchain uses a simple formula:
Target_new = Target_old * T_act / T_exp, with T_act limited to the range T_exp/4 ≤ T_act ≤ 4*T_exp
Target_new = new target (new difficulty)
Target_old = old target
T_act = actual time it took to mine the last 2016 blocks
T_exp = expected time for 2016 blocks: 2016*600 seconds (10 min = 600 sec)
T_exp/4 and 4*T_exp = the limits on the change: difficulty can’t shift more than 4× either way.
If the network’s total hash rate (the combined power of all miners) has increased since the last difficulty retarget, then with near-certainty the average time to mine a block will decrease. That means the actual time to produce those 2,016 blocks, T_act, will be less than the expected time T_exp, so T_act/T_exp < 1. As a result, the new target Target_new will go down, and the lower the target, the higher the difficulty and the harder it is to mine.
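The header fields, the target check and the retarget formula above can be tied together in a short script. This is an added example, not code from the original article or from Bitcoin Core: the function names are illustrative, the genesis-block header is included as a well-known reference value, and the retarget follows the article's simplified formula. Note that Bitcoin applies SHA-256 to the header twice.

```python
import hashlib
import struct

T_EXP = 2016 * 600  # expected seconds for 2016 blocks

# (version, previous block hash, merkle root, time, bits, nonce)
# Genesis block header: a well-known reference value, not taken from the article.
GENESIS = (1, "00" * 32,
           "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
           1231006505, 0x1D00FFFF, 2083236893)
# Block 900K header fields exactly as listed in the article.
BLOCK_900K = (0x20ABA000,
              "0000000000000000000196400396be46d0816dc462df4c3450972f589f4d7d24",
              "0cfb54e522b07bd1a381adc774ec1851590ef4c3add83958135106534569f970",
              1749188499, 0x17023774, 0x925FD07A)


def bits_to_target(bits: int) -> int:
    """Expand the compact nBits field: mantissa * 256^(exponent - 3)."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def header_hash(version, prev_hash, merkle_root, time, bits, nonce) -> int:
    """Serialize the 80-byte header and return its double SHA-256 as an integer."""
    raw = (struct.pack("<I", version)
           + bytes.fromhex(prev_hash)[::-1]     # hashes are displayed byte-reversed
           + bytes.fromhex(merkle_root)[::-1]
           + struct.pack("<III", time, bits, nonce))
    digest = hashlib.sha256(hashlib.sha256(raw).digest()).digest()
    return int.from_bytes(digest, "little")


def pow_valid(header) -> bool:
    """A header is valid proof of work when its hash is <= the target in its bits."""
    return header_hash(*header) <= bits_to_target(header[4])


def retarget(old_target: int, t_act: int) -> int:
    """Article's formula, with T_act limited to [T_exp/4, 4*T_exp]."""
    t_act = max(T_EXP // 4, min(t_act, T_EXP * 4))
    return old_target * t_act // T_EXP


if __name__ == "__main__":
    for name, hdr in (("genesis", GENESIS), ("900K", BLOCK_900K)):
        print(f"{name} hash  : {header_hash(*hdr):064x}")
        print(f"{name} target: {bits_to_target(hdr[4]):064x}")
        print(f"{name} hash <= target: {pow_valid(hdr)}")
    old = bits_to_target(BLOCK_900K[4])
    # Hashrate doubled, so 2016 blocks took one week instead of two.
    print(f"retargeted    : {retarget(old, T_EXP // 2):064x}")
```

Printing the targets as 64 hex digits shows where the leading zeros come from: they belong to the target, and any valid hash must be numerically at or below it.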
But what to do if two different miners mine a block at the same time?
That happens, and there’s a safety mechanism for it.
In theory, they can make practically identical blocks if the same transactions in the same order fall into each block. But blocks still won’t be identical because the first transaction in every block is the coinbase (the miner reward), and it pays to the miner’s address — so two miners can’t have the exact same block because their addresses differ.
But it is possible that two miners almost simultaneously mine different blocks. If the delay between the creation of a block and its distribution among nodes is 2 seconds, then this means that after the creation of the first block, there is a two-second gap in which a second block can be created. The longer this time, the higher the probability, but with each year this time is reduced. The probability of creating three blocks is almost negligible, but the protection system is the same.
If two blocks are created, they are saved in nodes, and these two chains are passed further. Miners then choose which block to build on — usually the one they saw first. And when they find the next block for one of the chains, it is distributed further and the nodes agree with it, and the shorter version is forgotten. This is the rule of the longer chain. Even if 2, 3, or more blocks in a row are formed in two chains, sooner or later one branch outpaces the other.
Transactions have 3 probable paths:
1. Fall into the chain that wins, then they remain in the blockchain.
2. Fall into both chains, then only the version in the winning chain remains relevant.
3. Fall into the chain that loses, then they go again into the pools of unconfirmed transactions (more on this below).
A few numbers:
- Approx. probability of a fork given ~1s delay: 0.17%
- A second block on the same competing branch: 0.00028%
- Third: 4.6*10⁻⁹
- Fourth: 7.7*10⁻¹²
That’s why exchanges don’t credit your deposit after 1 confirmation. Typically they wait for 6 confirmations — ~1 hour on average (6 blocks × 10 minutes).
There is no limit to the length of the second/third chain because they disappear quickly. Not counting these two cases:
- Reorganization through 53 blocks due to a bug in the software (source).
- Another incident with reorganization through 24 blocks (source).
And there is also the possibility of an attack through a second chain, but about this at the very end.
From this follows the next question:
Since the miner receives a reward for mining a block, what happens when two blocks are mined?
Simple: a miner can spend the reward only after 100 blocks.
If you are a miner and mined block №1000, you will be able to use the reward for this block only starting from block №1100. This looks like a time-lock transaction, but technically it is not one. I will write about the time-lock technology next time; this is already turning into too much text.
Miners add transactions to the blockchain, receiving a fee for this. And from this follow a few more questions:
Where and for how long are unconfirmed transactions stored, and can a transaction with a zero fee pass in theory?
The fee in Bitcoin depends not on the number of tokens sent in the transaction, but on the size of the transaction and the occupancy of the network at the given moment. After you send your transaction from a non-custodial wallet, it goes to the nearest node(s). These nodes decide, based on several characteristics, whether to accept your transaction or not:
1. Does it comply with the rules and did you not assign yourself non-existent tokens or something else?
2. Is the specified transaction fee sufficient?
If the answer to one of these questions is no, the node will not take the transaction, it will not get into the blockchain, and your balance will not change. So a zero-fee transaction will, in most cases, not make it into the blockchain: theoretically a miner can include such a transaction in a block, but it is extremely unlikely.
How does a node assign a fee?
The node has a certain amount of memory where it stores unconfirmed transactions from the moment it receives them until they are recorded in the blockchain.
By default, it is limited to 300 MiB of RAM and 336 hours of storage. However, if the blocksonly setting is enabled in Bitcoin-Core 25.0, the RAM limit is reduced to 5 MiB; this is often done for validating the blockchain.
All these data can be changed when setting up the node, but this is often not done, as for most it would be a simple waste of extra resources.
And what will happen if you send a transaction with the minimum allowable fee?
If the node does not throw it out after accepting it due to overflow, and if miners do not take the transaction because of its small fee, it will be deleted after 336 hours = 2 weeks.
After the transaction is accepted, nodes distribute it to other nodes, and miners insert transactions with the highest fees into the block.
The limit on transaction size is 400,000 weight units ≈ 100KB (it could be more with SegWit, but those are already too small details). A maximum of 10 such large transactions can fit into 1 block, or ≈ 10,000 of the smallest. On average it comes out to 2500 transactions per 1 block.
The fee itself is calculated by the formula: fee (sat) = vsize (vB) * feerate (sat/vB)
- fee = commission.
- vsize = transaction size.
- sat = satoshi, in one Bitcoin there are 100,000,000 satoshis.
- vB = Virtual Byte.
Your wallet can find out the minimum feerate from the nodes, but this is the lower boundary of whether the transaction will be distributed, not a guarantee of its confirmation. To estimate how much you need to pay now, wallets use mempool statistics and confirmation history.
An average transaction weighs 150vB; if at the given moment the average sat/vB = 2, then the transaction will cost 300 sat. And it will cost $0.27.

The highest sat/vB was in April 2024 during the halving and was from 1795 to 2751 sat/vB (source). On that day, an average transaction would have already cost from $160 to $245, depending on how quickly it needed to be processed.
The busier the network, the higher sat/vB. If you want your transaction to get confirmed faster, you set sat/vB above the current average.
Nodes define the fee as: fee = sum(inputs) - sum(outputs); then they look at the transaction size to check if it fits their internal policies.
Don’t forget about UTXO: if over time you received 10 separate incoming transactions, and now you want to send the entire balance in one transaction, the blockchain sees that as 10 inputs — meaning the transaction is larger and therefore more expensive.
To save on fees in the future, it is useful to sometimes do “consolidation” — sending yourself all small remnants in one transaction when the network is calm and sat/vB is minimal.
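The life of an unconfirmed transaction described in this section (fee derived from inputs minus outputs, a feerate floor, eviction when memory is full, expiry after 336 hours, miners picking the highest feerates) can be modelled in a few lines. This is an added, simplified sketch and not Bitcoin Core's code: the class and function names, the 1 sat/vB floor, the tiny size limits and all sample transactions are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

MIN_FEERATE = 1.0      # sat/vB; assumed relay floor for this sketch
POOL_LIMIT_VB = 1_000  # tiny stand-in for the 300 MiB default
EXPIRY_HOURS = 336     # two weeks, as in the article
BLOCK_LIMIT_VB = 400   # tiny stand-in for the block size limit


@dataclass
class Tx:
    txid: str
    inputs: list   # values (sat) of the UTXOs being spent
    outputs: list  # values (sat) of the new outputs
    vsize: int     # virtual size in vB
    seen: int = 0  # hour at which the node accepted it

    @property
    def fee(self) -> int:
        return sum(self.inputs) - sum(self.outputs)

    @property
    def feerate(self) -> float:
        return self.fee / self.vsize


class Mempool:
    def __init__(self):
        self.txs = {}

    def accept(self, tx: Tx, now: int) -> str:
        # A negative fee (outputs larger than inputs) fails this check too.
        if tx.feerate < MIN_FEERATE:
            return "rejected: feerate below minimum"
        tx.seen = now
        self.txs[tx.txid] = tx
        # Over the memory limit: drop the lowest-feerate transactions first.
        while sum(t.vsize for t in self.txs.values()) > POOL_LIMIT_VB:
            worst = min(self.txs.values(), key=lambda t: t.feerate)
            del self.txs[worst.txid]
        return "accepted" if tx.txid in self.txs else "rejected: pool full"

    def expire(self, now: int) -> list:
        old = [t.txid for t in self.txs.values() if now - t.seen > EXPIRY_HOURS]
        for txid in old:
            del self.txs[txid]
        return old

    def build_block(self) -> list:
        """Miner's view: highest feerate first until the block is full."""
        block, used = [], 0
        for tx in sorted(self.txs.values(), key=lambda t: -t.feerate):
            if used + tx.vsize <= BLOCK_LIMIT_VB:
                block.append(self.txs.pop(tx.txid).txid)
                used += tx.vsize
        return block


def demo() -> dict:
    pool = Mempool()
    txs = [Tx("a", [50_000], [49_000], 150),        # 1000 sat fee, 1 input
           Tx("b", [10_000] * 10, [99_000], 720),   # same fee, 10 inputs
           Tx("zero", [20_000], [20_000], 150),     # zero fee
           Tx("c", [30_000], [29_700], 150),        # 2 sat/vB, as in the text
           Tx("d", [80_000], [77_000], 200)]        # 15 sat/vB
    result = {t.txid: pool.accept(t, now=0) for t in txs}
    result["pool"] = sorted(pool.txs)               # b was evicted when c arrived
    result.update(block=pool.build_block(), expired=pool.expire(now=337))
    return result
```

Transaction b pays the same absolute fee as a, but its ten inputs make it large, so its feerate is the lowest in the pool and it is the first one dropped when space runs out.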
Returning to the first topic and the block header, the following question may arise:
How does the blockchain know that ~10 minutes passed, and that miners aren’t lying?
The blockchain receives information about the time from miners and nodes (nodes that store information but do not mine) in UTC format.
Miners write the time in the block header. Nodes have their own clocks and verify the median time received from other nodes.
Bitcoin is a closed system, so the blockchain cannot connect to ntp.org to check whether the miners (in the block header) and the nodes are telling the truth.
How can the blockchain check if the nodes and especially the miners aren’t lying?
For this, there is MTP — Median Time Past.

Not the average, but precisely the median.
It is calculated from the last 11 blocks arranged in order. For example:
18, 2, 12000 (liar), 14, 6, 20, 10, 4, 16, 12, 8
If we take the average value, then we need to sum all these numbers and divide by 11, we get 1100. Because of the liar who put 12000, everything has changed a lot.
But if we take the median, then first we arrange them in order:
2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 12000 (liar)
And we take the value from the middle, that is, 12. This is how MTP is calculated.
The time of a new block is always greater than the MTP; otherwise, the block will not be accepted by other miners/nodes and will not be inserted into the blockchain.
But if someone wants to go to the future, at what time gap should blocks be rejected?

In the past Bitcoin used NAT — Network Adjusted Time (time adjusted by the network), which compared median time from peers. Later NAT was removed as a consensus component.
Now nodes use their own system UTC time to check how far “into the future” a new block is. If a block’s timestamp is more than 2 hours ahead of a node’s local time, that node rejects it.
If some node’s time differs significantly from other nodes, then NAT warns about it — that’s basically the only remaining use.
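The two timestamp rules above (later than MTP, no more than 2 hours ahead of the node's clock) can be checked on a small constructed chain. This is an added example, not code from the original article or from Bitcoin Core; the function names and the sample timestamps are assumptions made for the illustration.

```python
MAX_FUTURE_SECONDS = 2 * 60 * 60  # the 2-hour limit from the text

# The article's toy list, in block order; 12000 is the lying miner.
ARTICLE_TIMES = [18, 2, 12000, 14, 6, 20, 10, 4, 16, 12, 8]


def median_time_past(prev_times):
    """Median of the timestamps of the last 11 blocks."""
    window = sorted(prev_times[-11:])
    return window[len(window) // 2]


def check_block_time(block_time, prev_times, node_now):
    """Apply both timestamp rules from the text to a candidate block."""
    if block_time <= median_time_past(prev_times):
        return "reject: not later than MTP"
    if block_time > node_now + MAX_FUTURE_SECONDS:
        return "reject: more than 2 hours ahead of node clock"
    return "accept"


def demo():
    # Constructed chain: 11 blocks 600 s apart; the miner of block 7 stamps
    # it 1 h 50 min ahead, which is just inside the 2-hour limit.
    start = 1_749_000_000
    chain = [start + 600 * i for i in range(11)]
    chain[7] += 6_600
    now = chain[-1] + 600  # the validating node's own UTC clock
    mtp = median_time_past(chain)
    return {
        "article_median": median_time_past(ARTICLE_TIMES),
        "article_mean": sum(ARTICLE_TIMES) / len(ARTICLE_TIMES),
        "mtp_offset": mtp - start,  # same value as with an honest block 7
        "honest": check_block_time(now, chain, now),
        "at_mtp": check_block_time(mtp, chain, now),
        # Earlier than the previous block but later than MTP: still valid.
        "before_tip": check_block_time(chain[-1] - 300, chain, now),
        "far_future": check_block_time(now + 3 * 3600, chain, now),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `before_tip` case shows a consequence of the rule that is easy to miss: block timestamps do not have to increase from one block to the next, they only have to stay above the median of the previous 11.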
Miners and other nodes, how do they differ and why are they needed?
There are 3 main types of nodes in Bitcoin: a full node with two variations (archival and pruned), a light node, and a miner.
The other nodes are superstructures on top of these three pillars of the blockchain.
- Full archival node: a server that has all the information about the blockchain for all time. Validates or rejects blocks in accordance with the rules of the blockchain.
- Full pruned node: also checks blocks but does not store all data, only the UTXO and part of the last blocks.
- Relay node: a superstructure on top of a full node, which is connected to other nodes with a large number of peers for fast distribution of information. Like torrent seeders.
- Light node: stores only block headers to check their hashes. For transactions, it asks a full node for the information. Great for phone wallets or weak devices where storing dozens/hundreds of GB is inconvenient.
- Miner: takes information from a full node or is one; based on this information, searches for a nonce to produce a valid block, then broadcasts it to the network.
If you need a non-custodial wallet on a PC, then perhaps a full pruned node for this would be the best option. You can choose the one you need here: bitcoin.org/en/choose-your-wallet?step=1
How to hack Bitcoin?
There are many possible attack vectors. If I described all of them, the article would be longer than it already is, but someday I will write about them. For now, let’s briefly look at two hack variants that are often talked about.
Quantum Computer VS Bitcoin
A quantum computer could derive a private key from a public key — but there’s already partial protection. If you’ve never spent from your address, your wallet is protected because outsiders see only the hash of your public key, not the public key itself.
Even with a quantum computer, it is practically impossible to brute-force the hash of a public key. But after the first outgoing transaction, the public key becomes visible to everyone. Therefore, to protect against quantum attacks, you should use addresses once.
However, there’s still a possible “interception” scenario: if a quantum computer could, after you broadcast a transaction but before it’s confirmed, derive your private key from your revealed public key — it would have very little time, but that’s the idea.
But there are wallets (outputs) of old formats, where the public key is visible immediately, and such wallets can be hacked even if there was not a single transaction from them.
And there are also many “lost” wallets; transactions were made from some, but that was many years ago. And with the help of quantum computers, coins from these wallets will probably fall back into circulation and possibly crash the Bitcoin price. But let’s leave these speculations to analysts who were perfectly described by one satirical channel:
“Last week’s target for Bitcoin at 34 thousand dollars has been revised and now stands at 240 thousand.”

So, a quantum computer will not destroy Bitcoin in this way.
But they are already thinking about creating a reusable quantum-protected wallet. This will require a soft-fork (change of rules), which has been done more than once.
A couple of texts on this topic: BIP 0347 and BIP 360.
51% Attack
If 1 person has more than 51% of the mining power, it will be easy for him to create a second chain of blocks as he wants. In this case, he will be able to cancel transactions and rewrite the history of his spending.
But even in this case, he will not be able in any way to steal someone else’s coins that were never on his wallet. The older the transactions that need to be rewritten, the longer and harder it will be, and there is no 100% guarantee that it will work and he will be able to make his chain longer and faster than the other 49%.
Such an attack is possible even with 30% and 40%, but the probability is much lower.
How much money will be needed for such an attack?
If we attack from scratch, then we essentially have to have a power 0.5% more than the entire power of Bitcoin miners. The hashrate today is approximately 1 ZH/s = 1,000,000,000,000,000,000,000 SHA-256 hash findings per second.
Modern ASICs (mining devices) have a power of approximately 200 TH/s, meaning 5,000,000 of them will be needed. Their efficiency is ≈ 17–20 J/TH. Multiply by 10⁹ and you get 17–20 GW. A bit less than the power of the largest hydroelectric dam in the world.
To this, we add the prices for the ASICs themselves, which comes out to ≈ $7.5 billion. Not counting extra infrastructure which will also be very expensive.
Even all these costs will lead at most to double spending of own coins in the blockchain and censorship of transactions. And even then, it will be visible to everyone and the price will probably crash and the game will not be worth the candle.
If you are interested in diving deeper into WEB 3.0 technologies, subscribe to my X (x.com/Paolo3Web) where there will be more content, far from always so long, but no less interesting.
Deep Dive into Bitcoin: Answers to the Questions You Rarely Ask was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.






















