We’ve spent this series building up the layers of money: what it is, how payments move, how fraud is detected, and how central banks manage the whole system. Every layer depends on trust in institutions: banks, card networks, central banks, governments. Cryptocurrency asks a simple question: what if you could build a payment system that doesn’t require trusting anyone?
The answer turns out to be: you can, but the trade-offs are severe. Let’s understand what the technology actually does before deciding whether those trade-offs are worth it.
The double-spend problem
To understand why Bitcoin matters, you need to understand the problem it solved. And that problem isn’t “how do you make digital money”; people have been trying that since the 1980s. The problem is double spending.
Physical cash can’t be double-spent. If you hand someone a twenty-dollar note, you don’t have it anymore. The physics of matter ensures this: there’s only one note, and it’s either in your pocket or theirs.
Digital information doesn’t work this way. A digital file can be copied infinitely. If “money” is a file, you could send the same file to two different people simultaneously. Both would believe they’d been paid. Neither would know the other existed. You’ve spent the same money twice.
Before Bitcoin, every solution to this problem required a trusted intermediary (a bank, a payment processor, a central server) that maintained the authoritative ledger and checked each transaction against it. Want to send digital money? Tell the bank. The bank checks your balance, deducts the amount, and credits the recipient. The bank’s ledger is the source of truth, and double-spending is impossible because the bank won’t allow it.
This works, and it’s how the traditional financial system operates (as we covered in How Payments Work). But it has costs: the intermediary can censor transactions, freeze accounts, charge fees, and (if compromised or corrupt) alter the ledger. If you don’t trust the intermediary, you don’t trust the system.
Computer scientists had been working on this for decades. David Chaum proposed eCash in 1983, using cryptographic blind signatures to create anonymous digital payments, but it still required a central issuer. Adam Back invented Hashcash in 1997, using computational puzzles (proof of work) to prevent email spam. Wei Dai proposed b-money in 1998 and Nick Szabo proposed Bit Gold around the same time; both described decentralised digital currencies, but neither fully solved the double-spend problem without a trusted party.
In October 2008, someone using the pseudonym Satoshi Nakamoto published a nine-page paper titled “Bitcoin: A Peer-to-Peer Electronic Cash System.” The paper’s innovation wasn’t any single cryptographic technique; all the components existed already. The innovation was combining them to solve the double-spend problem without any trusted intermediary.
Blockchain as a data structure
The Bitcoin blockchain is, at its heart, a very specific kind of database. Understanding it requires three concepts: hash functions, hash chains, and Merkle trees.
Hash functions take an input of any size and produce a fixed-size output. Bitcoin uses SHA-256, which produces a 256-bit (32-byte) output. Feed in a single character, you get a 256-bit hash. Feed in the entire text of War and Peace, you get a 256-bit hash. The key properties: the same input always produces the same hash (deterministic), it’s computationally infeasible to reverse the process (one-way), and even a tiny change to the input produces a completely different hash (avalanche effect).
Try it yourself: the SHA-256 hash of “hello” is 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824. The hash of “hello.” (with a period) is c6ad64dba78b5d04b7f71993c374b4be17fb930376ed5a2aaf3b559f1a2ded7c. Completely different. There’s no way to look at the second hash and determine that the input was almost identical to the first. This is what makes hash functions useful for tamper detection.
A hash chain links data blocks together. Each block contains a hash of the previous block. Block 5 contains a hash of block 4. Block 4 contains a hash of block 3. And so on, back to block 1 (the genesis block). If you change anything in block 3, its hash changes, which means block 4’s recorded hash of block 3 no longer matches, which means block 4 is invalid, which invalidates block 5, and so on. To tamper with any block, you’d have to recalculate the hash of every subsequent block. The chain makes the history tamper-evident.
Merkle trees (named after Ralph Merkle, who patented the concept in 1979) are how the transactions within each block are organised. Instead of hashing all transactions together in one big pile, the transactions are arranged as the leaves of a binary tree. Each pair of transactions is hashed together. Then each pair of those hashes is hashed together. And so on, up to a single root hash (the Merkle root) that sits in the block header.
The Merkle tree structure lets you prove that a specific transaction is included in a block without downloading the entire block. You only need the transaction, the hashes along the path from the transaction to the root (called a Merkle proof), and the block header. For a block containing 4,000 transactions, the proof is about 12 hashes: a few hundred bytes instead of several megabytes. This is what makes it possible for lightweight clients (like a mobile wallet) to verify transactions without storing the entire blockchain.
Put these together: a blockchain is a hash chain of blocks, where each block contains a Merkle tree of transactions and a hash of the previous block. The entire structure is tamper-evident; any change to any transaction in any block is detectable by checking the hash chain. It’s an append-only ledger: you can add to it, but you can’t go back and change it without detection.
But tamper-evidence isn’t enough. Anyone can build a tamper-evident data structure. The hard part is getting thousands of computers around the world to agree on which blocks to add and in what order, without any of them trusting each other.
Proof of work
This is the consensus problem, and Bitcoin solves it with proof of work (PoW).
To add a new block to the chain, a miner must find a number (called a nonce) such that when combined with the block’s contents and hashed, the resulting hash starts with a certain number of zeros. Because hash functions are one-way, there’s no shortcut; the miner has to try nonces one by one until they find one that works. This is brute-force guessing, and it requires enormous computational effort.
The difficulty is automatically adjusted every 2,016 blocks (roughly every two weeks) so that, on average, a new block is found every 10 minutes, regardless of how much computational power is on the network. In early 2024, the Bitcoin network’s total hash rate was approximately 500 exahashes per second: 500 quintillion SHA-256 calculations per second. To put that in perspective, all the world’s supercomputers combined would be a rounding error compared to the Bitcoin mining network.
When a miner finds a valid nonce, they broadcast the block to the network. Other nodes verify it (checking that the hash is valid, the transactions are legitimate, no double-spending has occurred) and add it to their copy of the chain. The miner is rewarded with newly created bitcoin (currently 3.125 BTC per block, after the April 2024 halving) plus the transaction fees included in the block.
The reward halves every 210,000 blocks (approximately every four years). It started at 50 BTC in 2009, dropped to 25 in 2012, to 12.5 in 2016, to 6.25 in 2020, and to 3.125 in 2024. This halving schedule means Bitcoin’s total supply is capped at 21 million coins, with the last fraction expected to be mined around the year 2140. About 19.6 million have been mined so far.
Why does proof of work solve double-spending? Because it makes rewriting history prohibitively expensive. To double-spend a bitcoin, you’d need to make a payment, wait for it to be confirmed in a block, and then create an alternative version of the blockchain where that payment didn’t happen and some other transaction (sending the bitcoin back to yourself) did. But creating that alternative chain requires redoing the proof of work for every block from the altered one onward, and doing it faster than the rest of the network is extending the legitimate chain.
As long as no single entity controls more than 50% of the network’s mining power, the legitimate chain will always grow faster than any attacker’s alternative. This is the 51% attack threshold, and it’s the fundamental security assumption of proof-of-work blockchains. For Bitcoin, with its current hash rate, mounting a 51% attack would require more specialised hardware (ASICs) than exists in the world, and electricity costs in the billions of dollars. It’s theoretically possible but practically infeasible.
The energy cost is real and significant. The Cambridge Centre for Alternative Finance estimates Bitcoin’s annualised electricity consumption at approximately 150 terawatt-hours, roughly the same as Poland or Egypt. This is the most common criticism of proof of work, and it’s legitimate. The system’s security is literally powered by electricity consumption, and the more valuable Bitcoin becomes, the more electricity miners are incentivised to consume.
Proof of stake
Proof of stake (PoS) is the main alternative consensus mechanism, and it’s what Ethereum (the second-largest cryptocurrency by market capitalisation) switched to in September 2022 in an upgrade called “The Merge.”
In proof of stake, there are no miners solving puzzles. Instead, validators lock up (stake) cryptocurrency as collateral. To participate in creating blocks, you deposit your coins with the network. The protocol selects validators to propose and attest to blocks, with the probability of selection roughly proportional to the amount staked. If you behave honestly, you earn rewards (newly minted coins plus transaction fees). If you behave dishonestly (for example, trying to attest to two conflicting blocks simultaneously) your stake is slashed: part or all of your deposited coins are destroyed.
The security model is different from proof of work. Instead of making attacks expensive in electricity, proof of stake makes attacks expensive in capital. To mount a 51% attack on Ethereum, you’d need to control over 50% of all staked ETH (currently about 32 million ETH, worth roughly $100 billion at 2024 prices). And if the attack were detected (which it would be), your staked ETH would be slashed. The attacker would lose their collateral. In proof of work, a failed attack wastes electricity but the hardware survives. In proof of stake, a failed attack destroys capital.
The energy savings are dramatic. Ethereum’s energy consumption dropped by approximately 99.95% after The Merge: from roughly 78 terawatt-hours per year (comparable to Chile) to about 0.01 terawatt-hours (comparable to a few thousand US households). This is the primary argument for proof of stake and the primary reason most newer blockchains use it.
The trade-off is philosophical as much as technical. Proof of work is secured by physics: the laws of thermodynamics guarantee that computing hashes costs energy, and nobody can fake that cost. Proof of stake is secured by economics: the assumption that validators won’t destroy their own capital. Bitcoin maximalists argue that proof of work is the only truly trustless consensus mechanism. Ethereum advocates argue that proof of stake provides equivalent security at a fraction of the environmental cost. The debate is ongoing and heated.
Bitcoin’s actual innovation
Bitcoin’s genuine innovation isn’t any single component. Hash functions, Merkle trees, peer-to-peer networks, and proof of work all existed before 2008. The innovation is the specific combination that solves the double-spend problem in a permissionless, decentralised setting.
Permissionless means anyone can participate. You don’t need to apply for an account, pass a credit check, or be approved by anyone. Download the software, and you’re on the network. This is genuinely novel. Every previous payment system required permission from some authority.
Decentralised means there’s no single point of failure or control. Bitcoin has no CEO, no headquarters, no customer service number. The software is open source. The network is maintained by thousands of independent nodes across the world. No government can shut it down by raiding an office, because there is no office.
The combination of these properties creates something that didn’t exist before: censorship-resistant money. No one can prevent you from making a Bitcoin transaction. No one can freeze your Bitcoin. No one can reverse a confirmed transaction. For people living under authoritarian regimes, or in countries with currency controls, or in situations where the traditional financial system has failed them, this property has real value.
In 2022, when Western nations froze hundreds of billions of dollars in Russian central bank reserves, it demonstrated both the power of the traditional system and the vulnerability it creates. Bitcoin offers an alternative where that trust isn’t required.
But Bitcoin has severe limitations. It processes about 7 transactions per second; Visa processes about 65,000. Transaction fees spike during high demand; in December 2017 and again in April 2024, average fees exceeded $50 per transaction. Confirmation times are at best 10 minutes and typically 30-60 minutes for high-value transactions. It’s not a practical payment system for buying coffee.
Smart contracts
Bitcoin’s scripting language is intentionally limited; it can handle simple conditions (multi-signature wallets, time-locked transactions) but not general computation. Ethereum, launched in 2015 by Vitalik Buterin, extended the blockchain concept to support smart contracts: programs that execute automatically on the blockchain when certain conditions are met.
A smart contract is, at its simplest, an if-then machine that nobody controls. Once deployed, it runs exactly as written. No one can alter it (unless the contract was specifically designed to be upgradeable). No one can stop it. The contract’s rules are enforced by the network, not by a legal system.
The canonical example is an escrow. Alice wants to buy something from Bob, but neither trusts the other. Traditionally, they’d use a trusted third party (an escrow agent) to hold the money until the goods are delivered. A smart contract can replace the escrow agent: Alice deposits the money into the contract, the contract releases it to Bob when a specified condition is met (perhaps confirmation from a delivery service, or approval from both parties, or passage of a deadline). If the condition isn’t met, the money is returned to Alice. No human intermediary, no fees beyond the transaction cost, no business hours.
In practice, smart contracts are used for far more complex applications:
Decentralised exchanges (DEXs) like Uniswap allow users to trade tokens directly with each other using automated market makers (AMMs): smart contracts that hold pools of two tokens and calculate exchange rates using a mathematical formula (typically the constant product formula: x * y = k). There’s no order book, no matching engine, no exchange operator. The smart contract is the exchange. Uniswap has processed over $2 trillion in cumulative trading volume since its launch in 2018.
Lending protocols like Aave and Compound allow users to lend and borrow cryptocurrency without a bank. Lenders deposit tokens into a smart contract pool and earn interest. Borrowers put up collateral (typically 150% or more of the loan value) and borrow against it. If the collateral’s value falls below a threshold, the contract automatically liquidates it to repay the lender. Over $20 billion in assets are locked in DeFi lending protocols at any given time.
Stablecoins are tokens pegged to a fiat currency, usually the US dollar. The two largest are Tether (USDT) and USD Coin (USDC), each backed (in theory) by reserves of dollars and dollar-equivalent assets. Together they represent over $130 billion in circulating supply. They’re the bridge between the crypto world and the traditional financial system, and they’re enormously important: most crypto trading is denominated in stablecoins, not in Bitcoin or Ethereum directly.
Algorithmic stablecoins, which maintain their peg through smart contract mechanisms rather than reserves, have a more troubled history. TerraUSD (UST) collapsed spectacularly in May 2022, losing its dollar peg entirely and destroying approximately $40 billion in value in a matter of days. The mechanism was a feedback loop with a companion token called LUNA that worked in theory but failed catastrophically when confidence broke. It was the closest thing to a digital bank run.
What crypto genuinely solves
Strip away the speculation, and cryptocurrency solves a specific set of problems:
Permissionless payments. Anyone with an internet connection can send and receive value without a bank account or government approval. For the estimated 1.4 billion unbanked adults worldwide (World Bank, 2021), this is meaningful.
Censorship resistance. Transactions cannot be blocked, reversed, or frozen by any authority. This matters for dissident movements, migrant remittances, and countries with capital controls.
Programmable money. Smart contracts enable financial applications that execute automatically and without intermediaries. DeFi’s composability (where one protocol’s output feeds another’s input) has produced genuinely novel financial infrastructure.
Transparent ledgers. All transactions are publicly auditable, which has value in a world where financial opacity enables corruption, though it also creates privacy challenges.
What crypto doesn’t solve
Scalability. Bitcoin processes 7 transactions per second. Ethereum processes about 30. Layer-2 solutions (Lightning Network for Bitcoin, rollups for Ethereum) improve throughput but add complexity and their own trust assumptions. No blockchain comes close to centralised payment systems.
User experience. Lose your private key and your money is gone forever: no “forgot password” link, no customer service, no recourse. In 2013, a British IT worker named James Howells accidentally threw away a hard drive containing 8,000 bitcoin (worth over $500 million at 2024 prices). He’s been trying to excavate the landfill ever since. The city council has refused permission.
Volatility. Bitcoin’s price has dropped by more than 50% on five separate occasions. Stablecoins address this within the crypto ecosystem, but they reintroduce the trust in institutions that crypto was supposed to eliminate.
Environmental cost. Proof of stake largely solves this, but Bitcoin (the largest cryptocurrency) still uses proof of work, with no indication it will change.
Governance. “Decentralised” is relative. Bitcoin’s development is controlled by a small group of core developers. Ethereum’s roadmap is heavily influenced by the Ethereum Foundation. Mining and staking are concentrated among large operators.
Illicit use. Chainalysis estimated that $24.2 billion in cryptocurrency was received by illicit addresses in 2023. The transparent ledger makes some activity traceable (the FBI has tracked and recovered ransomware payments using blockchain analysis), but privacy coins like Monero and mixing services like Tornado Cash make tracing harder.
DeFi: decentralised finance
DeFi is the umbrella term for financial applications built on smart contracts. The premise is that every function performed by traditional financial institutions (lending, borrowing, trading, insurance, derivatives) can be replicated in code, without the institutions.
At its peak in late 2021, DeFi protocols held over $180 billion in total value locked (TVL): assets deposited in smart contracts. The number has fluctuated with crypto market cycles but remains substantial.
The innovation is real. Composability (the ability to plug DeFi protocols together like building blocks) has produced financial applications that would be impossible in the traditional system. A user can deposit ETH as collateral in Aave, borrow stablecoins against it, provide those stablecoins as liquidity on Uniswap, earn trading fees, and use the liquidity provider tokens as collateral elsewhere, all in a single automated transaction. This is called money Legos, and it’s genuinely novel.
The risks are also real. Smart contract bugs have caused billions of dollars in losses. The Ronin bridge hack (March 2022, $625 million stolen), the Wormhole bridge hack (February 2022, $320 million), and the Nomad bridge hack (August 2022, $190 million) all exploited vulnerabilities in smart contracts or validator sets. The difference from traditional finance is that bugs are exploited before anyone notices, and the transactions are irreversible. In 2016, when an attacker drained $60 million from The DAO (a smart contract investment fund), the Ethereum community voted to hard fork, rewriting the blockchain to undo the theft. A minority rejected the fork on philosophical grounds and continued the original chain as Ethereum Classic. The episode revealed a fundamental tension: decentralisation promises code-is-law, but when the law produces a bad enough outcome, the humans intervene.
CBDCs: central banks strike back
If cryptocurrency is an attempt to build money without central banks, Central Bank Digital Currencies (CBDCs) are central banks’ attempt to build cryptocurrency without decentralisation.
A CBDC is a digital form of a country’s fiat currency, issued and backed by the central bank. Unlike commercial bank deposits (which are IOUs from a private bank) and unlike cryptocurrency (which is maintained by a decentralised network), a CBDC would be a direct liability of the central bank: as safe as physical cash, but digital.
As of 2024, according to the Atlantic Council’s CBDC Tracker, 134 countries representing 98% of global GDP are exploring CBDCs. Eleven countries have launched one, most notably Nigeria (eNaira, launched October 2021) and the Bahamas (Sand Dollar, launched October 2020). China’s digital yuan (e-CNY) has been in extensive pilot testing since 2020, with over 260 billion yuan ($36 billion) in cumulative transactions across multiple cities.
The motivations include financial inclusion (providing digital payments to the unbanked via basic mobile phones), payment efficiency (the BIS is running a project called mBridge exploring multi-CBDC cross-border settlement), countering cryptocurrency (if people hold savings in Bitcoin rather than the national currency, monetary policy weakens), and new policy tools (interest-bearing CBDCs could transmit rate changes directly to holders, and negative rates could theoretically be applied during deflationary crises, something that’s difficult with physical cash but trivial with digital currency).
The privacy concerns are serious. A CBDC gives the central bank, and by extension the government, direct visibility into every transaction. Physical cash is anonymous. A CBDC, depending on its design, might not be. China’s digital yuan has attracted particular scrutiny, given China’s surveillance state. European proposals have emphasised privacy protections, but whether those protections survive contact with law enforcement demands is unclear.
Whether CBDCs will actually be widely adopted remains uncertain. Nigeria’s eNaira has seen limited uptake despite government incentives. Sweden’s e-krona project has been in pilot for years without a launch decision. The technology is mature. The question is whether the public wants it, and whether governments can implement it without eroding the privacy that physical cash provides.
Where it all stands
Cryptocurrency is a genuine technological innovation that solved a real computer science problem: maintaining a consistent ledger without trusting anyone. That achievement stands regardless of the price of Bitcoin, the quality of NFT art, or the number of scams that have exploited the ecosystem.
But it exists in tension with the financial system we’ve explored through this series. That system, money as social ledger, card networks as messaging systems, fraud detection as real-time classification, central banks as stability mechanisms, is slow, expensive, and gatekept. It’s also deeply embedded, highly resilient, and used by billions of people every day. Cryptocurrency is fast-moving, cheap for some use cases, and permissionless. It’s also volatile, hostile to non-technical users, and used by a tiny fraction of the world’s population for actual payments.
The future probably isn’t one or the other; it’s both, in different proportions for different purposes. Real-time payment systems like UPI and PIX are absorbing some of crypto’s domestic payment advantages. Stablecoins are bridging the gap between crypto rails and fiat currencies. CBDCs might eventually provide a state-backed digital alternative. And Bitcoin will likely continue to exist as a unique asset (digital gold, perhaps, rather than digital cash) valued because no one controls it.
The technology works. The question was never whether you can build a payment system without trust; it’s whether the world wants one.