A peek under Bitcoin's hood

A Peek Under Bitcoin’s Hood: Reviewing Sam Lewis’s guide + everything you need to know (with FAQ)

Ever hit “Send” in your Bitcoin wallet and wonder what actually happens next? Why fees jump around, why a payment sometimes needs “six confirmations,” or why your wallet creates those mysterious “change” transactions?

I’ve been hearing the same pain points for years, so I sat down to re-read Sam Lewis’s 2017 post A peek under Bitcoin’s hood, then translated the tech into plain English with fresh 2025 context. The goal is simple: help you read the original with confidence and actually use what you learn when you send, receive, and manage Bitcoin.

The common headaches people have with Bitcoin basics

These are the questions I get the most—along with how Sam’s article helps and what’s changed since then:

• “How does a Bitcoin transaction actually work?”
  Sam maps the journey nicely: you spend previous outputs, add new outputs, then sign. In 2025, wallets are better at showing this—but most still hide the gritty details. Expect terms like “inputs,” “outputs,” and “change address.” Don’t worry—we’ll keep it human.


• “What is a UTXO, and why isn’t my balance just one number?”
  His explanation holds up: your “coins” are really a bunch of unspent outputs you control. That design affects privacy and fees. Today, most wallets optimize UTXOs under the hood, but knowing how it works helps you avoid costly mistakes (like creating tons of tiny outputs that cost more to spend later).


• “Is Bitcoin anonymous?”
  Sam grounds expectations well: it’s pseudonymous. In 2025, address reuse is still the biggest leak. Taproot and better wallet defaults help, but chain data is public. Think “privacy-aware,” not “invisible.” If you care about this, your wallet habits matter more than any buzzword.


• “How many confirmations are safe?”
  His rule-of-thumb still works: risk scales with value. For small in-person buys, 0–1 can be fine; for big transfers, aim for 3–6+. Exchanges often go stricter. The math behind this (reorg probabilities and costs) hasn’t changed, but miner landscapes and fee markets have matured.


• “Why are fees high sometimes, and what can I do?”
  Sam explains the mempool and priority. In 2025, fee spikes are more cyclical (think inscription/ordinal bursts and bull-run congestion). Good news: SegWit and Taproot spend less data per payment, and most modern wallets support RBF (replace-by-fee) to bump a stuck transaction. Track live conditions with tools like mempool.space.


• “What do miners actually do—beyond ‘create new coins’?”
  Sam’s framing is still the right one: miners compete to package valid transactions into blocks via Proof-of-Work. What’s new is scale and efficiency. Hashrate hit record highs in 2024, difficulty adjusted accordingly, and energy debates got more data-driven (flare gas, renewables, grid balancing). The security model stays the same; the ecosystem around it is more professional.

Here’s a simple way to picture what’s going on when you spend:

Think of UTXOs like bills in your physical wallet. When you pay, you pick one or more bills (inputs), hand them over, and get change back as a new bill (output) in a fresh address you control.

That mental model is the key to understanding fees, privacy, and why a $50 Bitcoin payment might require multiple inputs or generate change—even if the app makes it look like a single, clean number.

What you’ll get from this review (my promise)

• A plain-English tour of the core ideas in Sam’s 2017 article so the terms finally click.


• Quick updates where things evolved: SegWit, bech32/bech32m, Taproot, RBF/CPFP, and how wallets behave now.


• A practical FAQ you can actually bookmark and use when sending real transactions.


• Links to solid resources like Bitcoin Optech and mempool.space for live fee and network context.

Why trust this approach? Because we keep it grounded. For example, SegWit and Taproot reduce the weight of common transactions, which helps fees during congestion; fee spikes still happen during hype cycles, but spending efficiently and using RBF changes your experience from “stuck and stressed” to “in control.” That’s not theory—you can see it reflected during peak mempool weeks on fee charts and in wallet release notes across the industry.

Who this is for

• Beginners who want a clear mental model without needing a CS degree.


• Investors who want to understand fees, confirmations, and operational risk before moving larger amounts.


• Curious readers who are tired of buzzwords and want practical explanations they can test with small transactions.

If you’ve ever asked, “Why did my $20 payment cost more this week?” or “Why does my wallet create new addresses for change?”—you’re in the right place.

Ready to make sense of the basics everyone skips? Up next, I’ll show you what “under the hood” really means—how keys, addresses, and UTXOs connect so your balance isn’t just a mystery number on a screen. Want a quick, memorable picture you can’t unsee?

What “under the hood” really means: keys, addresses, and UTXOs

When you hit “Send” in a Bitcoin wallet, you’re not moving coins out of a single account. You’re authorizing the network to unlock specific chunks of value—called UTXOs—and re-lock them to someone else’s rules. Once this clicks, fees make sense, privacy choices feel obvious, and you stop fearing the “what if I do it wrong?” moment.

“Not your keys, not your coins.” — a reminder that ownership in Bitcoin is the power to sign.

Keys, wallets, and addresses—how they connect

Here’s the backbone, stripped of jargon and mystery:

• Private key: a secret number only you should know. It’s what lets you sign and spend your coins.


• Public key: mathematically linked to your private key. Others use it to check your signature is valid.


• Address: a human-friendly encoding of a locking rule (often “this public key can unlock”). It’s a target—not a mailbox. Coins aren’t stored in an address; the blockchain stores spendable outputs that point to rules an address represents.


• Wallet: software that manages many keys, builds transactions, and tracks your spendable outputs (UTXOs). Your “balance” is really a list it totals up.


• Seed phrase (BIP39): 12–24 words that generate all your keys via HD standards (BIP32). Lose it and you lose everything. Keep it offline and split, if needed.

Modern wallets constantly create fresh addresses from your seed—one for receiving and another for change. That’s on purpose. Address reuse leaks privacy and makes blockchain analysis trivial. This isn’t theory; the classic paper “A Fistful of Bitcoins” (Meiklejohn et al., 2013) showed how combining inputs and reusing addresses lets observers cluster identities. The fix is simple: let your wallet rotate addresses, and don’t post one address everywhere like it’s your forever “account number.”

Quick address cheat sheet:

• 1… Legacy (P2PKH). Works, but higher fees and older format.


• 3… P2SH. Often used for multisig or SegWit nested addresses.


• bc1q… Native SegWit (bech32, BIP84). Lower fees, safer format.


• bc1p… Taproot (bech32m, BIP86). Modern default for many wallets, simpler multisig look, compact signatures.

Resources if you like specs: BIP39, BIP32, BIP84, BIP86.

UTXO model explained like you’re sending change

Think of Bitcoin like cash, not a bank account. You don’t have “0.5 BTC” sitting in one place. You might have:

• 0.20 BTC from one past payment


• 0.15 BTC from a second payment


• 0.05 BTC from a faucet or friend

Those are three UTXOs—three digital “bills.” When you pay someone 0.22 BTC with a 0.0003 BTC fee, your wallet might select the 0.20 + 0.05 “bills” to cover it (0.25 total). It will create:

• One output to the recipient: 0.22 BTC


• One output back to you (change): 0.25 − 0.22 − 0.0003 = 0.0297 BTC

That change does not return to the same address you sent from; it goes to a fresh change address your wallet controls (derived from your seed). To an outside observer, your payment looks like two outputs, and they can’t be sure which one is change unless you leak clues (like address reuse).

Why this model matters in real life:

• Multiple inputs raise your fee: Fees are based on transaction size in vbytes, not the amount you’re sending. More inputs = bigger size = higher fee. Small “dusty” UTXOs can make spending expensive.


• Privacy hinges on inputs: When you spend several UTXOs at once, analysts often assume the same owner controlled them all (the “common-input” heuristic). Wallets try to minimize leaks, but your behavior matters.


• Consolidation strategy: When fees are low, it can be smart to consolidate many tiny UTXOs into one or two. When fees spike, avoid creating lots of tiny change outputs. Good wallets help automate this.

There’s strong evidence these heuristics work in the wild. Beyond the Meiklejohn paper, blockchain analytics firms have documented how address reuse and clustered inputs aid tracing; see Chainalysis’ reports and practical guidance from Bitcoin Wiki: Privacy. The antidote isn’t paranoia; it’s smart defaults: new addresses, careful coin selection, and avoiding unnecessary input merges when it counts.

Scripts and signatures (without scary math)

Every UTXO is locked by a tiny rulebook called a script. To spend it, your transaction must satisfy that rule. Common patterns:

• Single-sig (P2PKH / P2WPKH): “Prove you own this private key.” Your wallet adds a signature; nodes verify it matches the public key and the transaction data.


• P2SH / P2WSH: “There’s a more complex rule inside this wrapper.” Could be multisig or something else.


• Multisig (m-of-n): “Any 2 of 3 keys must sign.” Great for teams, treasuries, and personal security set-ups with hardware wallets.


• Timelocks (CLTV/CSV): “Spendable after block X” or “after Y days.” Useful for vaults and inheritance planning.

Taproot (BIP340–342) made this cleaner. It lets spenders present either a simple key signature or, if needed, reveal a specific script path—often making complex policies look like normal single-sig spends on-chain. The benefits are practical:

• Lower data footprint in many cases: Which can mean lower fees when your policy is satisfied via the key path.


• Less metadata leakage: Observers can’t easily tell if a spend was single-sig or a policy hidden behind a key—good for privacy and business confidentiality.

If you’re curious, the readable intros: Bitcoin Optech: Taproot and Learn Me A Bitcoin.

What Sam gets right and why it still matters

Sam’s mental model—Bitcoin is a UTXO machine guarded by signatures and simple scripts—still nails it in 2025. Here’s why it continues to be your edge:

• Security clarity: You don’t “have coins in a wallet.” You control keys that can unlock specific UTXOs. Everything good in Bitcoin flows from protecting that key material.


• Privacy realism: Address reuse and input merging can expose patterns. Good wallets rotate addresses and select coins with privacy in mind. Understanding this helps you choose better defaults and habits.


• Wallet behavior makes sense: The “why did my wallet send to a random address I don’t recognize?” panic goes away when you realize it’s your change address. The “why was my fee high?” question often traces back to many inputs.


• Upgrades don’t change the core: SegWit, bech32, and Taproot improved efficiency and flexibility, but the foundation—keys, scripts, UTXOs—remains the map. Learn this once; it pays you back forever.

And there’s a human side to this. Owning keys is responsibility and freedom rolled into one. It can feel heavy. That’s normal. But confidence comes from seeing how the pieces fit and practicing with small amounts until it’s muscle memory.

So what happens after your wallet builds and signs a transaction with those inputs and outputs? Where does it go, how do miners pick it, and why do fees jump around like airline ticket prices? Keep reading—I’m about to show you exactly how the mempool, fee market, and confirmations decide your fate in the next section.

Transactions to blocks: mempool, fees, miners, and confirmations

Hit “Send” and your Bitcoin transaction doesn’t jump straight onto the blockchain. It enters a global, 24/7 auction where space is scarce and miners fill blocks with the highest bidders. That’s not scary—it’s predictable once you know the rules.

“Fees aren’t a penalty—they’re your priority bid in a global auction.”

Fees and the mempool: why your tx waits (or doesn’t)

The mempool is Bitcoin’s waiting room. Every node keeps its own list of unconfirmed transactions. Miners pick from that list, almost always by the highest fee rate first. The fee rate is measured in satoshis per virtual byte (sat/vB). The higher your sat/vB, the faster you get in.

What sets your fee?

• Transaction size: A typical SegWit payment with 1 input and 2 outputs is ~141 vB. If you pay 30 sat/vB, your total fee is ~4,230 sats.


• Mempool congestion: When the mempool is crowded, the “clearing price” rises. When it’s thin, you can pay less and still confirm.


• Wallet estimation: Smart wallets look at recent blocks and current mempool stats to suggest a fee that should confirm within your chosen timeframe.

Real-world feel for volatility:

• During calmer periods, next-block fees might sit around 5–15 sat/vB.


• Fee spikes during NFT/inscription and BRC-20 waves pushed next-block fees above 200–500 sat/vB at times in 2023–2024. On Bitcoin’s 2024 halving day (block 840,000), fees per block exploded to over 30 BTC due to extreme demand—see mempool.space.

Two powerful tools when things don’t go as planned:

• Replace-by-Fee (RBF): If your wallet marks a transaction as replaceable (BIP125), you can resend the same tx with a higher fee. Nodes replace the old one with the new one. This is the cleanest way to “speed up” after you hit send. Tip: turn on RBF by default for day-to-day spending.


• Child-Pays-for-Parent (CPFP): If you’re the receiver of a low-fee transaction (or you sent it from a wallet without RBF), you can spend one of its outputs with a new transaction that pays a very high fee. Miners evaluate the package (parent + child). If the combined fee rate is attractive, both confirm together.

CPFP in numbers:

• Parent: 200 vB, pays 400 sats (2 sat/vB). It’s stuck.


• Child: 100 vB, you attach 10,000 sats.


• Package fee rate = (400 + 10,000) / (200 + 100) = 34.67 sat/vB. Suddenly attractive.

Good-to-know mempool policies:

• Ancestor/descendant limits: Most nodes won’t relay packages that exceed ~25 ancestors or ~25 descendants. Keep your unconfirmed chains short.


• Dust and tiny change: Very small outputs can’t pay their own way later. Avoid creating dust; it raises your future fees and reduces flexibility.

Quick habit checklist:

• Use SegWit or Taproot addresses (bc1…); they’re smaller and cheaper than legacy.


• Enable RBF in settings. It’s your emergency exit.


• Check current conditions on a mempool explorer like mempool.space before sending.


• Batch sends when paying multiple people; one bigger tx is usually cheaper than many small ones.

Mining and Proof-of-Work in plain language

Miners gather transactions, build a candidate block, and race to find a hash below the network’s target. That search is random—lots of attempts, one valid answer. The “difficulty” adjusts about every two weeks (2,016 blocks) so the network still averages ~10 minutes per block, regardless of how much hardware shows up.

“The proof-of-work chain is a solution to the Byzantine Generals’ Problem.” — Satoshi Nakamoto, 2008 (whitepaper)

Why this matters to you:

• Security has a cost: Attackers must outspend honest miners in energy and hardware to rewrite history.


• Honest majority assumption: As long as the majority of hash power follows the rules, your confirmed transactions are extremely hard to reverse.


• Stale blocks happen: Occasionally two miners find a block around the same time. One wins; the other becomes “stale,” causing a brief fork that resolves quickly. One-block reorgs are normal; deeper ones are very rare. Historical analyses peg the stale rate well under 1% in Bitcoin’s recent years (see long-run pool data and BitMEX Research summaries).

Energy and economics:

• The Cambridge Bitcoin Electricity Consumption Index tracks estimated power use across the network. While estimates vary, the core idea holds: PoW converts real-world energy into security.


• After the 2024 halving, the subsidy is 3.125 BTC per block. Fees have become a bigger share of miner revenue during busy periods—another reason your fee rate gets priority treatment.

Confirmations and finality: what’s “safe” for different amounts

A confirmation means your transaction is in a mined block. Two confirmations mean one more block was added on top of it, and so on. Each additional block makes a reorg attack exponentially harder. That’s why exchanges and merchants require a certain number before crediting deposits.

Practical guidance I use (not financial advice, just common practice):

• 0-conf: In-person, small, low-risk payments where you trust the counterparty or use tools to detect obvious double-spend attempts. Avoid for remote/large transfers.


• 1–3 conf: Everyday amounts, typically up to hundreds or a few thousand dollars. Most retail-facing services fall here.


• 6 conf: Traditional “gold standard” for larger transfers. Satoshi’s model shows that, assuming an attacker has 10% of hash power, the chance of reversing after 6 conf is tiny (whitepaper, Section 11).


• 12+ conf: Institutions, high-value settlements, or when policy demands extra caution.

Two tips that quietly boost safety:

• Check whether the sender used opt-in RBF. If 0-conf matters to you, many merchants prefer non-RBF transactions—or they monitor for conflicts.


• Watch for confirmed change. If you control the change output (common when you’re the sender), its confirmation gives you an extra signal that your original transaction is secure.

2017 vs. today: SegWit, Taproot, and modern fee behavior

Quite a lot changed since Sam hit publish back in 2017, and it affects both costs and privacy.

• SegWit and bech32 (bc1q…): Widely adopted now. SegWit lowers weight (and thus fees) for most spends and fixes transaction malleability, which helped unlock the Lightning Network. Switching from legacy (1…/3…) to bc1 addresses can shave meaningful sats off busy-day fees.


• Taproot (bc1p…): Live since 2021. Single-sig and many multisig setups look identical on-chain when using key-path spends, which helps privacy and often lowers fees by keeping scripts off-chain unless needed. In 2023–2024, Taproot also enabled new use cases (inscriptions), which at times crowded the mempool and pushed fees higher.


• Fee markets matured: We’ve seen multiple fee spikes tied to on-chain experimentation and bull markets. Wallets got better at fee estimation, RBF is a common default, and receivers increasingly use CPFP. Lightning stepped in for small, instant payments when on-chain space gets pricey.


• Common wallet defaults improved: Today’s wallets typically:
  
  
  
  • Use SegWit/Taproot addresses by default
  
  
  • Enable opt-in RBF
  
  
  • Offer mempool-aware fee suggestions
  
  
  • Support CPFP or have “fee bump” UX that handles it under the hood
  
  
  
  

If you remember one thing, make it this: your fee rate sets your place in line. In quiet times, a low bid is fine. In peak times, pay up or use RBF/CPFP—and consider Lightning for small payments. That’s the game.

Curious about the exact step-by-step flow—from UTXO selection to signatures, broadcasting, and what to click when your tx feels “stuck”? I’ve got a quick, skimmable walkthrough up next that answers those questions fast.

FAQ: quick answers to the questions you’re probably asking

“Don’t trust. Verify.” — the line that turns confused users into confident Bitcoiners.

How does a Bitcoin transaction work, step by step?

Here’s the journey from your wallet to a confirmation, without the fluff:

• Your wallet chooses UTXOs: It picks one or more of your spendable outputs to cover the amount + fee. Think of these as bills in your pocket.


• It builds inputs and outputs: Inputs reference your chosen UTXOs. Outputs include the recipient and a change output back to you.


• It signs: Your private key creates signatures that satisfy the UTXO’s spending rules (script). No private key, no spend.


• It broadcasts: The transaction is sent to nodes. They check rules and pass it around if valid.


• Mempool: Your transaction waits with others competing on fee rate (sats per vByte).


• Mining: A miner includes your transaction in a block if your fee is good enough. Proof-of-Work seals it.


• Confirmations: Every block on top adds one confirmation, making your transaction harder to reverse.

Real example: I send 0.02000000 BTC. My wallet selects two UTXOs (0.015 and 0.010). It creates outputs: 0.020 to the recipient and ~0.0048 back to a new change address, paying ~0.0002 BTC fee at 20 sats/vB.

What is a UTXO and why should I care?

A UTXO is an unspent transaction output—one “coin” you can spend if you meet its rules. Your balance is the sum of UTXOs controlled by your keys, not a single number in a database.

• Privacy: Spending multiple UTXOs can link them on-chain. Fewer, larger UTXOs leak less info than many tiny ones.


• Fees: Bigger transactions (more inputs) cost more. Avoid “dust” outputs that are expensive to spend later.


• Wallet behavior: Good wallets auto-consolidate when fees are low and avoid address reuse to protect privacy.

Quick check: If your fee seems huge, open the transaction in a block explorer; lots of inputs probably caused it.

Is Bitcoin anonymous or just pseudonymous?

It’s pseudonymous. Addresses aren’t tied to names, but the ledger is public. Reuse addresses or mix UTXOs, and analysts can often cluster them together.

• What leaks: Amounts, timing, input-output linkages, and address reuse. Classic research (e.g., Meiklejohn et al., 2013) showed clustering is very possible, and firms still do it today.


• Better habits: New address each payment, avoid combining unrelated UTXOs, and consider CoinJoin tools with strong default settings.


• Taproot helps… a bit: Single-sig and multisig can look similar, which is good, but it’s not a privacy silver bullet.

Want a sanity rule? Treat Bitcoin as public by default and use privacy tools knowingly—not blindly.

What’s the difference between a node and a miner?

• Nodes: Validate blocks and transactions against the rules and relay what’s valid. They enforce the rules; they don’t create blocks.


• Miners: Package transactions into blocks and compete in Proof-of-Work to win the next block reward + fees.

Running a node boosts your sovereignty: your wallet talks to your node, so you verify your own payments instead of trusting someone else’s server. Try Bitcoin Core or node-in-a-box options.

How many confirmations are “enough”?

It depends on risk and context, not a magic number:

• 0-conf: In-person, low-value, trusted counterparties (like a coffee) sometimes accept it. There’s still double-spend risk.


• 1–3 conf: Everyday online purchases, moderate risk. Many services settle around 1–2 these days, depending on fraud controls.


• 6 conf: Traditional “gold standard” for larger on-chain transfers and exchange deposits.


• High-value/OTC/treasury: Policies can require even more, or wait time + multiple observers.

Each confirmation exponentially reduces the chance of a successful chain reorg attack, but it never hits absolute zero.

How do fees get set, and can I speed up a stuck transaction?

Miners prioritize by fee rate (sats per vByte). When the mempool is crowded—say, from inscriptions, exchange batching, or bull-market activity—prices spike. Wallets estimate fees from current mempool data and recent blocks.

• RBF (Replace-by-Fee): If your wallet sent the transaction as RBF, you can bump the fee and rebroadcast a higher-fee version. Look for “Bump fee” or “Increase fee.”


• CPFP (Child-Pays-for-Parent): Send a new transaction that spends the stuck transaction’s change with a high fee; miners include both to collect the combined fees. Useful when the parent wasn’t RBF-enabled.


• Batching & timing: Send during off-peak hours or batch multiple payments to save space and cost.

Check live conditions on mempool.space; choose a target confirmation window and set fee rate accordingly.

What changed since 2017 that I should know?

• SegWit is standard: Most wallets use bech32 (bc1…) for lower fees and fewer malleability issues. For single-sig Taproot, addresses use bech32m (bc1p…).


• Taproot (2021): Cheaper, simpler spending for many scripts; multisig can look like single-sig on-chain; supports advanced constructions like MuSig2 and smart contract-like trees.


• RBF defaults: Many wallets enable RBF by default, making fee bumps smoother.


• Lightning matured: More mainstream for small, instant payments with lower fees, but still best used with good tooling and backups.


• Fee volatility: Periodic congestion spikes—sometimes caused by popular on-chain trends—mean good fee settings matter more than ever.


• Wallet UX: Better coin control, change labeling, and address type selection are common now. Use them.

Small tweak, big win: switch your receive addresses to bech32/bech32m in settings if your wallet isn’t defaulting to them.

Could Bitcoin be attacked or “shut down”?

Shutting down the protocol globally is unlikely. It’s a distributed network of independent nodes following open rules. But risks exist—and they’re worth understanding:

• 51% attack: A miner or cartel controlling majority hash rate could censor or attempt short reorgs. It’s costly and reputationally damaging, and it can’t steal coins without keys or rewrite deep history cheaply.


• Network-level attacks: Eclipse attacks, ISP pressure, or censorship at the relay layer. Countered by diverse peers, Tor/clearnet mix, and more node operators.


• Economic pressure: Regulation can push centralization at exchanges or miners, but full nodes and self-custody reduce reliance on chokepoints.


• Energy narrative: Proof-of-Work’s energy use is measurable (see the Cambridge index). Miners chase low-cost energy and increasingly use curtailed or stranded power.

The real defense is decentralization: many nodes, distributed miners, and users verifying their own transactions. Censorship resistance isn’t a slogan; it’s a set of choices the network makes every day.

Can you walk me through a practical example I can copy?

Sure. Let’s say you owe a friend 50,000 sats:

• Open your wallet and enable RBF in settings.


• Paste their bc1… or bc1p… address; set amount to 50,000 sats.


• Tap “coin control” and select 1–2 UTXOs that cover it with minimal extra inputs.


• Pick fee rate based on your target confirmation on mempool.space (e.g., 8 sats/vB for same-day, 25 sats/vB for next-block in a busy hour).


• Send. If it’s stuck after an hour and you need speed, bump the fee via RBF to match current next-block rates.

That’s the everyday workflow that turns you from “hope it confirms” into “I control the outcome.”

Is there a quick checklist for staying safe and efficient?

• Use SegWit/Taproot addresses (bc1…/bc1p…).


• Turn on RBF; learn CPFP for emergencies.


• Avoid address reuse; label change addresses if your wallet supports it.


• Consolidate UTXOs when fees are low; avoid creating dust.


• Run your own node if you can, or at least connect your wallet to a trusted node.


• Back up seed phrases offline; test small sends before large ones.

One last thought: If you can explain UTXOs and fee rates to a friend in under a minute, you’re already ahead of most users. Want the exact resources I use to get people there fast—without the usual rabbit holes?

Want to go deeper? My curated resources to level up fast

Why knowledge is your edge in crypto

If you can explain how your wallet builds a transaction, why fees change by the minute, and what a UTXO actually is, you’ll make smarter moves and avoid expensive mistakes. That’s not hype—it’s the difference between reacting to Twitter and acting with a plan.

Real talk: the biggest losses I see aren’t “black swan hacks,” they’re preventable errors—sending to the wrong network, ignoring RBF, falling for fake wallet updates, or misreading mempool conditions. In 2023, the FBI’s Internet Crime Report showed investment-related losses at $4.57B, with crypto schemes featuring heavily. Chainalysis’s 2024 report also found illicit crypto volume fell overall, but ransomware and sophisticated phishing rose. Translation: the market gets smarter, attackers do too. Your best defense is learning the mechanics and using tools confidently.

So, I keep a living library of resources that teach you the roots—protocol design, history, security, and practical wallet ops—so your decisions aren’t guesswork.

My “deep knowledge” picks on CryptoLinks

I’ve organized a “deep knowledge” category on CryptoLinks so you can build real comprehension fast. Here are standout picks I send friends, team members, and power users all the time:

• Bitcoin.org Developer Guide — the clearest, canonical walkthrough of transactions, scripts, blocks, and nodes.


• Mastering Bitcoin (free, open-source) — a readable, code-aware tour from keys to P2P networking.


• Nakamoto Institute — Satoshi’s emails, forum posts, and essays that shaped early Bitcoin thinking.


• Bitcointalk Archives — history’s messy middle: early debates on fees, privacy, and scaling.


• Bitcoin Stack Exchange — thousands of Q&As; search before you ask, bookmark the best threads.


• Bitcoin Optech — pro-grade newsletters on mempool policy, fee markets, SegWit/Taproot, and wallet best practices.


• PR Review Club — learn how Bitcoin Core changes get evaluated; priceless for technical intuition.


• Chaincode Labs Resources — study clubs, explainers, and reading lists for protocol learners.


• Mempool.Space Academy — visual, practical explainers on mempool, fees, and transaction states.


• River Learn — beginner-friendly guides with crisp diagrams and examples.


• Jameson Lopp’s Bitcoin Resources — a massive, quality-filtered index across security, dev, and ops.


• Bitcoin Magazine Guides — approachable articles covering concepts and current topics.


• Cambridge Bitcoin Electricity Consumption Index (CBECI) — data-driven view of mining’s scale and geography.


• BitMEX Research — hard-nosed analysis on forks, security incidents, and market microstructure.


• Coin Metrics: State of the Network — on-chain analytics with methodology, not just charts.


• Glassnode Academy — structured lessons on on-chain metrics and cycle dynamics.


• Bitcoin Improvement Proposals (BIPs) — the source of truth for standards; read BIP-141 (SegWit), BIP-340 (Schnorr), BIP-341/342 (Taproot).


• BOLTs (Lightning Specs) — if you’re Lightning-curious, this is how the sausage is made.


• Multisig and Scripts (Mastering Bitcoin ch.12) — build a strong mental model for spending rules.


• bitcoiner.guide — practical self-custody, backups, and wallet hygiene in plain English.


• Sparrow Wallet Docs — hands-on UTXO control, labeling, coin selection, and PSBTs.


• Wasabi Docs and Samourai — advanced privacy workflows; understand trade-offs before using.


• Bitcoin-Dev Mailing List — follow proposals, concerns, and rationale from core contributors.


• CryptoLinks Deep Knowledge Category — my complete, constantly updated list (24+ sites) with notes and links.

What makes these resources different

• Grassroots-first: they start from the building blocks (keys, scripts, UTXOs) and stack up—so you don’t get lost in buzzwords.


• Multiple formats: articles, videos, ebooks, short explainers, mailing lists, audio—pick your learning style and pace.


• Balanced takes: you’ll see wins and war stories: scaling debates, fee spikes, privacy trade-offs, and real-world wallet pitfalls.

Where to start after Sam’s article

Here’s a simple path I recommend to lock in the fundamentals and turn them into practical skills:

• Step 1: Skim the Bitcoin.org Dev Guide sections on transactions and scripts. You’ll map terms you just learned to primary sources.


• Step 2: Watch the mempool in real time on mempool.space. Send a tiny test transaction with RBF on; see how fees affect confirmation.


• Step 3: Read a chapter from Mastering Bitcoin on multisig/Taproot, then peek at the BIPs behind it.


• Step 4: Do one privacy task: label UTXOs in Sparrow and learn to avoid address reuse; read one Optech piece on change and scanning.


• Step 5: Pick two items from my CryptoLinks Deep Knowledge Category—one historical (Nakamoto Institute) and one technical (PR Review Club)—and save them to a weekly study habit.

Ready for the fun part—should you invest time in reading Sam’s guide right now, and what should you do immediately after? That’s exactly what I’m answering next, with battle-tested steps you can apply today.

Should you read “A peek under Bitcoin’s hood”? My verdict and next steps

Short answer: yes. Sam Lewis’s 2017 post is still one of the friendliest looks at what really happens when you press “Send” in a Bitcoin wallet. Read it with this review by your side and you’ll skip hours of guesswork, especially around UTXOs, fees, and confirmations. The core ideas haven’t aged; the ecosystem around them has. Pair the two and you’ll be ahead of 90% of users.

Who will get the most value

• New self-custody users who want to understand why their “balance” breaks into pieces (UTXOs) and where change goes after a payment.


• Intermediate users who’ve sent a few transactions but still get surprised by fees or stuck transactions.


• Freelancers and small merchants who accept Bitcoin and need a practical feel for confirmations and risk.


• Anyone planning to hold for the long run and wants confidence reading mempool conditions, using RBF, and avoiding privacy mistakes.

How to put this knowledge to work today

• Pick a modern wallet with SegWit/Taproot support, Replace-By-Fee (RBF), and basic coin control. These features reduce fees, cut stuck-transaction stress, and help you manage UTXOs without surprises. If a wallet can’t show you which inputs it’s using or doesn’t support RBF, it’s holding you back.


• Send a cheap test transaction ($5–$20) to yourself. Watch how your wallet selects inputs, creates a change output to a new address, and shows confirmations arriving. Seeing that “balance splits into parts” once makes everything click.


• Check the mempool before you send. Open mempool.space and compare “next block” vs. “in a few blocks” fees. If you’re not in a rush, target a slower confirmation and save sats; if timing matters, pay for the next block. This one habit pays for itself over time—especially during fee spikes (2023–2024 had plenty due to inscriptions/ordinals; you could see triple-digit sat/vB during peaks, as mempool explorers documented).


• Turn on RBF and know how to use it. If your transaction lags, bump the fee instead of waiting days. RBF is standardized in BIP125 and widely supported.


• Learn a CPFP rescue. If you forgot to enable RBF, you can spend the change output with a higher-fee “child” transaction that pulls the “parent” through. Some wallets automate this. It’s a great safety net when you accidentally send too cheap.


• Keep your UTXOs healthy. Avoid creating lots of tiny “dust” outputs. When the mempool is quiet, consider consolidating small UTXOs to fewer, larger ones—but be aware it can reduce privacy if you merge coins that were previously unrelated. This isn’t hypothetical: clustering heuristics are well-studied in academia (see Meiklejohn et al., “A Fistful of Bitcoins,” 2013: paper).


• Practice simple privacy habits. Don’t reuse addresses, label your UTXOs, and understand that sending from multiple inputs links them on-chain. Taproot and modern wallets help, but good hygiene still matters.


• Connect to your own node when you can. It improves sovereignty and reduces trust in third parties. Start simple with a wallet that can talk to a node you run (see Bitcoin Core docs), then level up later.


• Match confirmations to the situation. In-person coffee? You might accept zero or one confirmation with mitigations. Bigger transfers? Wait longer. Exchanges are strict because they price risk professionally—use that as a clue, not a commandment.


• Keep an eye on ongoing improvements. Taproot, package relay policies, and wallet defaults keep evolving. Bitcoin Optech is a great way to stay current without chasing hype.

Pro tip: practice with small amounts until everything feels boring. Boring in Bitcoin is good—it means you understand the rules.

One last thought

Bitcoin isn’t magic. It’s rules, math, and incentives working together. Sam’s post opens the hood in a way that feels human. Pair it with what you’ve just learned here, and you’ll make smarter fee choices, avoid privacy potholes, and stop panicking when a transaction sits for a while.

Read the original, bookmark this review, and then go run a few test sends. Share it with a friend who’s curious. In this space, the best edge isn’t a hot tip—it’s understanding how the machine actually works.