Bitcoin Field Notes

Geo Nicolaidis

Bitcoin Field Notes is a research podcast for people who want Bitcoin analysis with receipts. Each episode unpacks one question — security budgets, fee markets, mining economics, privacy heuristics — using primary sources, traceable numbers, and falsifiable predictions. No price calls, no tribalism, no hype. Just the economics hiding under the protocol, explained clearly enough to argue with. If you've ever wondered what the data actually says — and where the consensus narrative breaks — start here. New episodes follow the Field Notes newsletter.

  1. 7h ago

    Episode 13: Bitcoin's Security Budget Problem: Modeling 2028 and 2032

    Episode 13 — Bitcoin Heuristics: Field Notes Bitcoin's Security Budget Problem: Modeling 2028 and 2032 Bitcoin's security depends on miner revenue, which depends on the block subsidy — and that subsidy halves every four years. Fee revenue, the only alternative, has never sustained beyond 7% of mining income. The result is a structural problem: even at $150K/coin with $5M in daily fees, the network would be less secure per dollar of value stored than it is today. This episode models three scenarios each for 2028 and 2032, explains why every one shows declining security ratios, and makes five falsifiable predictions gradable in 2028. Conditions as of March 2026: $67,800 bitcoin, 0.84% security-spend-to-value ratio$30.8M daily miner revenue (1% fees, 99% subsidy)Hashrate declining for the first time in six yearsHashprice bottomed at 3¢/TH/s; 15–20% of global fleet underwaterFoundry USA + AntPool control 48%; a March 2026 reorg showed what concentration looks like in practiceOver $70B in AI contracts signed by public miners (Core Scientific 39% AI revenue, TeraWulf 27%); 2x valuation premium for AI exposure2028 scenarios (subsidy 1.5625 BTC/block): Conservative (60K BTC): 0.43% ratioBase (100K BTC): 0.44%, requires 5x fee increase to $1.5M/dayOptimistic (150K BTC): 0.48% — still below today's 0.84%2032 scenarios (subsidy 0.78125 BTC/block): Conservative (80K BTC): 0.23%Base (150K BTC): 0.27%Optimistic (300K BTC): 0.30%, requires $15M/day in feesUnder Budish's framework, the 2028 conservative scenario implies $5.1B annual security spend — a threshold a well-funded state actor could plausibly approach. Five falsifiable predictions (due Q1 2028): Fee revenue won't exceed $2M/day (90-day avg) before Q1 2028. Baseline: $300K.Top two pools will control >55% hashrate by the 2028 halving. Current: 48%.≥60% of listed miners (by market cap) will derive >50% revenue from non-mining ops by 2028.Fee-to-subsidy ratio won't sustain above 10% before the 2028 halving. Current: 1%; peak sustained: 7% for one month.Hashrate won't sustain above 1 ZH/s before the 2028 halving. Current: ~900 EH/s. (Least confident prediction.)Where the argument might be wrong: History: Bitcoin survived Mt. Gox, the block size wars, China bans, and 17 years of obituaries.Price: at 300K BTC, the 2032 subsidy alone generates ~$33.75M/day.Unseen protocols: Ordinals and Runes didn't exist before 2023–24; covenants (OP_CTV, OP_CAT) could enable new fee demand.Adaptive self-organization: after China's 2021 ban, node TOR adoption surged from 23% to 50–64% without coordination.Confirmation bias: the author has professional interest in these questions mattering.Core mechanism: Bitcoin's security rests on the assumption that price keeps rising. The subsidy is denominated in bitcoin; as it halves, dollar value holds only if price doubles. Fees are marginal (1%). The rest is price × supply — making the security model a bet on adoption. Takeaway: Bitcoin's security guarantees don't yet match its scarcity guarantees, and the gap is widening. The literature is unanimous that this is structural. The community's response has been price-denominated optimism rather than mechanism design. "The price always goes up" isn't a security proof — it's a historical observation. 🎙 Hosted by Geo NicolaidisFull essay: https://geonicolaidis.substack.comWebsite: https://geonicolaidis.com | LinkedIn: /in/geo-nicolaidis

    34 min

  2. May 13

    Episode 12: The Block Space Market — Are Bitcoin's New Tenants Paying Enough Rent?

    ============================================================== EPISODE DESCRIPTION ============================================================== Ordinals, BRC-20, Runes, Babylon — every one of them proved Bitcoin's block space has real demand. Every one of them generated dramatic fee spikes. And every one of them collapsed back to baseline within days or weeks. In this episode, Geo Nicolaidis looks at fee revenue the way an investor looks at earnings — not the peaks, but the average Tuesday in March — and asks whether the new tenants are paying enough rent to keep the building standing. ============================================================== SHOW NOTES ============================================================== In Issue 11 we walked through the mechanics of Ordinals, BRC-20, and Runes. This episode asks the harder question: does any of that demand actually solve the security budget problem from Issue 9? Spoiler — as of March 2026, fees are still at roughly $300,000 per day, less than 1% of miner revenue, and the 2028 halving is coming. What we cover: • Every major fee event since Ordinals launched — and critically, what happened after each spike - Jan 2023: Ordinals launch, 50% block space consumed, fees barely moved - May 2023: BRC-20 mania — fees first exceeded the subsidy since 2017, 465K mempool backlog, collapsed within weeks - Dec 2023: Ordinals peak, 245 sats/byte, slow burn for a month - Apr 2024: Runes + halving day — $80M daily fees ATH, 98% decline in 8 days - Aug 2024: Babylon staking — 9.52 BTC per block fee spike lasting hours - Late 2024–2026: the floor collapses and stays collapsed • Block space as a market: Huberman, Leshno & Moallemi's "Monopoly Without a Monopolist" and why fees only exist when supply meets real congestion • The three types of demand — payments (stable, modest), inscriptions/tokens (spiky, event-driven), staking/protocol (brief, intense) — and why only one of them looks like a business model • Roughgarden on transaction fee mechanism design, and why Bitcoin's first-price auction has no revenue floor the way Ethereum's EIP-1559 does (2.6M ETH burned in year one) The sustainability test, with numbers: • Current state: $33–34M daily miner revenue, 1% from fees • 2028 halving math: fees need to grow ~55x at $74K BTC, ~37x at $100K • 2032 halving math: fees need to grow ~80x from today's baseline • The three problems with relying on price appreciation: it's not a mechanism, the attack-cost-to-secured-value ratio degrades, and 2032 is brutal The Layer 2 paradox revisited: Lightning reduces L1 fee pressure exactly when inscriptions are trying to increase it. Volatility is almost as bad as low revenue when miners need to make capital allocation decisions for ASICs and power contracts. Where I might be wrong: • Price appreciation has worked 4 halvings in a row • BitVM, institutional settlement, and ETF flows could create structural L1 demand • Ordinals today could be Ethereum NFTs in 2020 — a trough before maturation • The solution is probably hybrid: price + spikes + gradual baseline growth Key takeaway: The data does not support confidence that fees will replace the subsidy on schedule. It also does not support confidence that the system will fail. The uncertainty itself is the finding — and for a $1.4 trillion network, that's not a comfortable place to be. ============================================================== LINKS ============================================================== Read the full essay on Substack: https://geonicolaidis.substack.com More from Geo: • Website: https://geonicolaidis.com/ • LinkedIn: https://www.linkedin.com/in/geo-nicolaidis/ • Substack (Bitcoin Heuristics — Field Notes): https://geonicolaidis.substack.com 🎙 Hosted by Geo Nicolaidis

    28 min

  3. Apr 29

    Episode 11: The New Tenants — Ordinals, BRC-20, and Runes

    EPISODE DESCRIPTION In the middle of Bitcoin's documented security budget crisis, something unexpected happened: people started paying unprecedented amounts in transaction fees for images, JSON tokens, and protocols Satoshi never designed for. This episode explores how Ordinals, BRC-20, and Runes work — and whether the fee spikes they generate can sustain Bitcoin's mining revenue long-term. SHOW NOTES What we cover: • Ordinals: Casey Rodarmor's January 2023 invention to uniquely identify and track every satoshi as a distinguishable asset via sequential numbering, creating six rarity tiers from common through mythic • Why Ordinals are purely a Schelling point — a social convention rather than a protocol change. Bitcoin nodes don't know ordinal numbers exist; value derives entirely from collective agreement • Inscriptions: the technical mechanism that embeds arbitrary data (images, text, video) in Bitcoin's witness data, exploiting SegWit's four-to-one discount and Taproot's removed size limits • The unintended consequences: block size jumped 47-75 percent (1.2 MB to 1.7-2.5 MB), inscriptions drove 60 percent of block space at peak, and Taproot adoption became dominated by JPEGs instead of privacy features • BRC-20 tokens: Domo's JSON-based fungible token standard that requires two transactions to move tokens (vs. one for payments), creates permanent UTXO bloat, and depends entirely on off-chain indexers with no on-chain dispute resolution • The speed of adoption: BRC-20 market cap hit 991 million dollars in under two months (May 2023); fees surged to 16-29 dollars and mempool backlog exceeded 469,000 transactions • UTXO set explosion: BRC-20 drove growth from 86 million to 140 million UTXO entries; by mid-2025, 30 percent of all UTXOs were inscription-linked, and chainstate database exceeded 11 gigabytes • Fee externalities: inscription transactions individually carry lower fees than payment transactions in the same block, but their presence reduces available space and forces payments to bid higher • Runes: Rodarmor's April 2024 response to BRC-20 damage, using OP_RETURN for data (which can be pruned) instead of witness data, reducing transaction requirements to one instead of two or three • The Runes halving-day launch generated Bitcoin's most dramatic fee spike: 127 dollars average, 2.4 million dollars in a single block, 1,805 satoshis per vbyte median • Pattern recognition: dramatic fee spikes (May 2023 for BRC-20, April 2024 for Runes) followed by rapid normalization — but whether this reflects speculative froth or structural demand remains open The developer schism: • Luke Dashjr proposed filtering inscriptions as an exploit of SegWit's witness discount, but miners rejected filtering that removes fee-paying transactions (January 2024) • The 80-byte OP_RETURN limit debate (April-June 2025) led to increasing the limit to 4 megabytes, because the old limit was causing worse UTXO bloat via fake spendable outputs • Bitcoin Core's node share dropped from 98 percent to 88 percent after the OP_RETURN increase; Bitcoin Knots grew to 5 percent • The contradiction: academic research shows Bitcoin's fee market requires congestion, but developers alarmed about the security budget gap are often the same ones wanting to filter high-fee transactions The unresolved question: Do 135 million dollars in Runes fees represent genuine revenue that compounds into miner income, or speculative spikes that normalize within weeks? This determines whether the new tenants are paying sustainable rent on Bitcoin's security infrastructure. LINKS Read the full essay on Substack: https://geonicolaidis.substack.com More from Geo: • Website: https://geonicolaidis.com/ • LinkedIn: https://www.linkedin.com/in/geo-nicolaidis/ • Substack (Bitcoin Field Notes): https://geonicolaidis.substack.com 🎙 Hosted by Geo Nicolaidis

    18 min

  4. Apr 29

    Episode 10: Energy Wars — When AI Outbids Bitcoin for Electricity

    EPISODE DESCRIPTION Bitcoin's theoretical security budget problem meets real-world energy economics as AI data centers systematically outbid Bitcoin miners for the same electricity. This episode traces the displacement happening across hashrate, geography, and centralization — and what it reveals about Bitcoin's actual security model. SHOW NOTES What we cover: • The revenue shock: Galaxy Digital leasing 133 MW to CoreWeave for 300 million dollars per year, versus 22 million from Bitcoin mining — a 10x increase in revenue per megawatt • Sector-wide pivot: 65 billion dollars in announced AI/high-performance computing contracts by late 2025, including Core Scientific (8 billion), Hut 8 (7 billion with Google backing), and Crusoe Energy's complete exit from mining • Energy consumption scale: 415 terawatt-hours in 2024, projected 945 by 2030; AI surpassed Bitcoin mining in energy consumption in 2025 • The buyer-of-last-resort framework: Bitcoin mining works as flexible load for intermittent, remote, low-quality power; AI data centers need uninterrupted baseload power and cannot flex • Riot Platforms' evidence: earned more from grid curtailment credits during Texas heat waves than from mining itself that month • Dual-use model attempts: IREN designing facilities for dynamic load shifting between Bitcoin and NVIDIA GPU workloads, but generalization remains unclear • Geographic migration patterns: Ethiopia (2.5 percent hashrate, 55 million dollars in 2024 mining revenue), Paraguay (4 percent hashrate, 3 dollars per MWh costs), Africa broadly at 3 percent hashrate via renewables • The clean energy narrative caveat: Bitcoin's renewable share dropped from 41.6 percent (pre-China ban) to 25 percent, recovered to 52 percent, but mining chases cost, not climate impact • Carbon externality data: coal-powered mining generates 3-7 dollars in external damages per one-dollar Bitcoin price increase — quantifiable cost at the marginal facility • Hashrate paradox: all-time highs (1 zettahash sustained by September 2025) despite institutional miner displacement; new-generation efficient miners in low-cost jurisdictions replaced exits faster than they occurred • Economics breakdown: all-in mining costs hit 138,000 dollars per BTC (early 2026), while BTC traded 90,000-110,000; hardware payback periods exceeded 1,200 days (vs. 300-500 historically); only capital-efficient operators with stranded energy remain viable • Concentration trend: hashrate at records, but industry producing it is narrower and more concentrated than ever The security model stress test: • Hashrate-based attack cost (6 billion dollars) assumes hardware acquisition, but ignores pool concentration • Foundry USA (34 percent) plus AntPool (18 percent) = 51 percent; six pools control 95+ percent of all blocks • Pool operators control block template and transaction inclusion — coordination or compromise requires no hardware acquisition • Selfish mining profitable at 33 percent; Foundry USA crosses this alone • Geopolitical risk: AntPool (Bitmain) operates from Singapore but Chinese-origin; second-largest pool governed by entity with ties to jurisdiction that banned mining • Hardware monopoly: Bitmain manufactures 82 percent of ASICs globally — vertical integration of chip fabrication, pool operation, and geopolitical leverage in one entity The open question: Whether mining-to-AI pivot is durable depends on AI demand trajectory. Goldman Sachs projects supply-demand balance around 2027; 65 billion dollar contracts are typically 10-15 year commitments that don't convert back to mining easily. Stranded-energy miners may emerge more distributed and resilient, but concentration risk increases. LINKS Read the full essay on Substack: https://geonicolaidis.substack.com More from Geo: • Website: https://geonicolaidis.com/ • LinkedIn: https://www.linkedin.com/in/geo-nicolaidis/ • Substack (Bitcoin Heuristics — Field Notes): https://geonicolaidis.substack.com 🎙 Hosted by Geo Nicolaidis

    13 min

  5. Apr 28

    Episode 9: The Security Budget Cliff — Why Bitcoin's Mining Revenue is Disappearing on Schedule

    BITCOIN HEURISTICS — FIELD NOTES Episode 9: The Security Budget Cliff — Why Bitcoin's Mining Revenue is Disappearing on Schedule EPISODE DESCRIPTION ================================================ Bitcoin's block subsidy halves every four years on a fixed schedule. The protocol assumes transaction fees will replace this declining revenue to fund security. Academic research — from Princeton, Duke, and the world's top economics journals — says this assumption may not hold. This episode explores the mathematics and the stakes. SHOW NOTES ================================================= What we cover: • Bitcoin's two revenue sources: block subsidy (currently 3.125 BTC, declining deterministically) and transaction fees (currently 1-2% of miner revenue) • The halving schedule: 50 BTC (genesis) → 25 → 12.5 → 6.25 → 3.125 (2020) → 1.5625 (2028) → 0.78 (2032) → 0.39 (2036) • Current mining economics: 30-50 million dollars per day from subsidy; 1-2 million from fees; the design intent is clear, but the execution bet is unproven • Carlsten et al. (Princeton, 2016): in a pure-fee economy, miners can profitably fork at high-fee blocks to incentivize competition rather than consensus; "undesirable security properties" • Eric Budish (QJE, 2024): proof-of-work security requires miner revenue proportional to transaction value being secured. To secure gold's market cap (18 trillion dollars), Bitcoin would need hundreds of billions per year in mining spend — not currently possible • The arithmetic trap: to replace current subsidy at today's throughput, each transaction needs to pay 72 dollars — not realistic. 500 transactions per second at current prices might work, but scaling success undermines fees • The scaling paradox: Bitcoin that successfully scales (millions TPS, no congestion) may kill the congestion-dependent fee market that funds security • Tim Roughgarden's insight: optimal fee markets require fees to burn (like Ethereum base-fee), not pay miners — suggesting that well-designed fee systems might worsen security economics • Attack cost scale: 6 billion dollars for one-week 51% attack (0.4% of market cap) — adequate now, but declining in real terms • Critical windows: 2028 and 2032, when subsidy halves again. By 2032, maintaining today's security spending requires 50+ dollars per transaction • Three counterarguments and their status: (1) unpredicted fee demand like Ordinals/Runes might sustain the market, (2) Bitcoin price appreciation could compensate (historically true, but price-dependent), (3) Peter Todd's permanent small block reward (elegant but consensus-resistant) • The academic consensus: Budish (Quarterly Journal of Economics), Carlsten (major cryptography conferences), Review of Economic Studies all identify this as real and structural — not theoretical hand-wringing The thermostat analogy: Difficulty adjustment converts energy into security without creating extra coins. But thermostats need fuel. Block subsidy is the fuel, declining on schedule. Transaction fees are meant to replace it, but academic literature says "maybe, with serious caveats." LINKS ================================================ Read the full essay on Substack: https://geonicolaidis.substack.com More from Geo: • Website: https://geonicolaidis.com/ • LinkedIn: https://www.linkedin.com/in/geo-nicolaidis/ • Substack (Bitcoin Heuristics — Field Notes): https://geonicolaidis.substack.com 🎙 Hosted by Geo Nicolaidis

    8 min

  6. Apr 21

    Episode 8: Energy, Scarcity, and the Difficulty Adjustment—What Happens When Energy Is Free?

    Bitcoin's Thermostat: A Dyson Sphere Mines the Same 450 BTC/Day Popular narrative: Bitcoin converts energy into money—fiat leaks to inflation, Bitcoin preserves value via real energy. Physically wrong. Bitcoins are ledger entries; SHA-256 dissipates electricity irreversibly as heat. Zero energy stored. The real mechanism: the difficulty adjustment decouples energy input from monetary output. Snapshot (early 2026). April 2024 halving cut rewards to 3.125 BTC/block (~450/day). Production cost averages $77–92K/BTC with huge spread—largest miners $33.7K, median $49K, subsidized regions $1.3K, Europe $300K+. Energy = 60–80% of opex; each ¢/kWh shifts cost ~$18K/BTC. Despite revenue halving, hashrate doubled from 505 EH/s to 1,000+ EH/s, hitting 1 ZH on 4 Apr 2025. Top 2 pools = 50–55% of blocks (60–70% with proxies), top 6 = 96–99%. Three Chinese firms make 99%+ of ASICs (one = 82%); advanced chips fab at one of two Taiwan/Korea sites. Mechanism. Every 2,016 blocks: difficulty = old × (actual/14 days), clamped at 4×. More energy = more security, never more coins. China ban (May–Jul 2021) tested it: hashrate fell ~50%, difficulty ~28% over epochs, never hit the clamp. Block production has never meaningfully deviated from 144/day across ~10^21 hashrate growth since 2009. Weaknesses. Lucas Critique: backward-looking adjustment becomes dynamically unstable when reward-elasticity of hash supply >1—approached but not crossed in Nov 2018. Timewarp attack (~2011): 51% miner can collapse difficulty to ~1 in 38 days via timestamp manipulation; unpatched. Top two pools already exceed the 33% selfish-mining threshold. Energy-as-value is wrong; unforgeable costliness is defensible. Saylor/Musk's "stored labor" fails thermodynamically. Szabo's framing—money needs production costs that are high, verifiable, uncheatable (Bit Gold, "Shelling Out"; root: Back's Hashcash)—is coherent but never peer-reviewed. Empirics: gold (1981–2013) causality runs price→cost, and Bitcoin follows suit. Top-journal work finds crypto returns load on network factors (addresses, active users), not production factors. Cost-of-production describes pricing, not value. Aluminum analogy breaks. Pre-1886 aluminum was rarer than gold; electrolytic reduction + cheap electricity crashed prices ~94% by 1894. Every energy-intensive commodity shows elastic supply. Bitcoin's supply is perfectly inelastic by protocol—cheaper energy yields more security, identical coins. Inelasticity alone doesn't guarantee value: silver lost its monetary premium post-1873; NFTs (supply=1) saw volume collapse 95% in 2022–2023. Stock-to-flow ~119, ~2× gold. Dyson sphere. 3.8×10^26 W vs. humanity's 18–20 TW (~20 trillion×); could power ~22 quadrillion Bitcoin networks. Outcome: difficulty adjusts astronomically, 450 BTC/day unchanged, security becomes impervious to anything short of another Dyson sphere. Under energy abundance, binding constraints shift to (1) miner revenue (subsidy + fees × price), (2) fab capacity (TSMC dominates 3nm, $20–40B and 3–5 years per fab; gallium bottleneck in one country), (3) the difficulty adjustment itself. Waste-heat radiation becomes the civilizational ceiling. Caveats. Timewarp unpatched; "no entity >50%" already strained. Peer-reviewed work: ~33% of BTC held by non-transactors, volatility ~10× fiat—arguably speculative, not yet money. Censorship resistance drives advocacy but has almost no rigorous academic treatment. Takeaway. Bitcoin's value doesn't require expensive energy—it requires the difficulty adjustment making energy irrelevant to supply. Energy buys security, not value. Value comes from scarcity, network effects, censorship resistance. Next: what happens when the revenue funding that security starts disappearing. Links: https://geonicolaidis.substack.com · https://geonicolaidis.com · https://linkedin.com/in/geo-nicolaidis/ Hosted by Geo Nicolaidis

    30 min

  7. Apr 21

    Episode 7: The Economic Privacy Floor

    EPISODE DESCRIPTION Bitcoin advocacy focuses on technical privacy solutions—CoinJoin, atomic swaps, confidential transactions. But most users will never adopt them. Meanwhile, the actual privacy that protects ordinary Bitcoin transactions has almost nothing to do with cryptography. It's economic. When the cost of forensic analysis exceeds the value of the information produced, the heuristics become economically pointless. Geo examines why the economic privacy floor explains more about real-world Bitcoin privacy than any cryptographic technique—and what happens when tools get cheaper and smarter. SHOW NOTES What we cover: • The concept of the economic privacy floor: analysis can be technically possible but economically pointless. If it costs $50,000 in analyst time to trace a $100 transaction, nobody bothers. • Scale matters. Forensic investigation into a real theft (100 BTC) justifies weeks of analyst time. A trace on 0.01 BTC gets zero attention. This isn't a designed privacy feature—it's de facto privacy for the vast majority of transactions. • Fragmentation as a privacy lever: split 1 BTC across 50 transactions into 50 small UTXOs. Heuristics still work at each individual hop (CIOH, change detection, taint propagation), but the analyst now has 50 paths to follow instead of 1. The tree of possibilities expands exponentially. Budget runs out before reaching terminal nodes. • Privacy through economics beats technical solutions for ordinary users: - CoinJoin: requires specific software, costs fees, still fingerprint-able - Lightning: requires channel management and liquidity - Atomic swaps: complex, rarely used - Confidential transactions: sidechain-only, limited adoption - Meanwhile: every wallet already fragments through normal change creation and multi-address receiving • The real question isn't whether you're traceable—you are. The question is whether anyone will spend money to trace you. For most users, the answer is no. • The gap between automated scoring and manual investigation: Risk platforms say "3% exposure to high-risk sources" but don't report whether that would survive detailed forensic scrutiny. In most cases, nobody verifies. • Forensic accuracy is resource-dependent, not method-dependent. FBI investigating a $100M hack produces accurate traces. Automated compliance scan on a $500 deposit produces loose approximations. Same blockchain, same heuristics, different outcomes due to budget. • Privacy as spectrum, not binary: Fragmenting across 100 UTXOs isn't cryptographic privacy—it's raising the cost of analysis to levels most adversaries won't tolerate. • Who gets investigated? Enforcement becomes literal: large amounts get traced, small amounts don't. This creates undetectable small-value money laundering, not for technical reasons but economic ones. The counterargument: Automation is improving. ML models traverse graphs faster. Computing costs drop. What's impractical today could be trivial in five years. The countervailing force: The Bitcoin transaction graph also grows. More transactions, more addresses, more branching paths. Graph complexity increases costs simultaneously with automation decreasing them. The empirical question: Which force—tool improvement or graph growth—wins over time? For small-value transactions, combinatorial path growth may make exhaustive analysis impractical regardless of automation. Open questions: • How much does machine learning improve over rule-based heuristics in practice? • Does graph growth outpace automation improvements? • What's the crossover point where automated analysis stops being reliable? • Can we build forensic tools that are honest about resource constraints? LINKS More from Geo: • Substack: https://geonicolaidis.substack.com • Website: https://geonicolaidis.com/ • LinkedIn: https://www.linkedin.com/in/geo-nicolaidis/ 🎙 Hosted by Geo Nicolaidis

    12 min

  8. Apr 15

    Episode 6: Change Address Detection

    Bitcoin's ledger is transparent, but it's also ambiguous. Every transaction where you spend more than you send creates a puzzle: which output is the payment, and which is the change? Change address detection is the second-most critical heuristic in forensic analysis—after Common Input Ownership. Get it wrong, and your trace goes sideways. In this episode, Geo walks through the six major heuristics used to identify change, a practical five-step workflow for applying them, and the real-world scenarios where they catastrophically fail. SHOW NOTES What we cover: • The fundamental challenge: Bitcoin doesn't label outputs as "payment" or "change." Both look identical on-chain. Misidentifying which is which means following the money backward instead of forward. • Six change detection heuristics and their individual limitations: 1. Address type matching — relies on wallet developers keeping consistent patterns across SegWit, native SegWit, Taproot transitions (increasingly unreliable) 2. Value heuristics — assumes change is the larger output (fails for wallet consolidation and large payments) 3. Round number analysis — assumes payments are round amounts, change is fractional (fails for automated systems) 4. Address reuse — assumes change goes to fresh addresses (inverts when recipients provide new addresses) 5. Spending behavior — post-hoc; assumes change is spent sooner (can't help real-time analysis) 6. The optimal change heuristic — assumes change is smaller than any input (strongest theoretical basis, but fails on single-input transactions) • A five-step practical workflow for applying these heuristics: 1. Classify the transaction structure first (single-input/two-output is the classic case; multi-output is harder) 2. Apply heuristics in priority order, scoring rather than trusting any single one 3. Aggregate scores across signals instead of relying on one definitive heuristic 4. Cross-validate against clustering data and known entities 5. Propagate errors carefully—misidentified change at hop three compounds through a fifteen-hop trace Where change detection breaks down: • Wallet heterogeneity — dozens of implementations, each with different change behaviors. No universal pattern. • Taproot adoption — as more wallets use Taproot for both sending and receiving, address type matching becomes useless • Deliberate heuristic evasion — privacy-aware users can invert all signals (round change, mismatched types, delayed spending) • Batch transactions — exchanges with fifty+ outputs per transaction; identifying the single change output becomes unreliable • No-change transactions — when a wallet has an exact UTXO, change detection misidentifies the sole output as change, reversing the trace direction entirely • Intra-wallet transfers — consolidations where every output belongs to the same entity; two-party transaction heuristics don't apply Open questions for the field: • How much is Taproot adoption actually reducing heuristic reliability? • Can machine learning models outperform rule-based heuristics? • How do change detection errors and CIOH clustering errors interact? • How do we get ground truth for validation without compromising user privacy? Key takeaway: Change detection determines whether your trace goes forward to the recipient or backward to the sender. When heuristics degrade—either through wallet evolution or deliberate evasion—forensic costs increase. And increased forensic costs have policy consequences. If on-chain analysis becomes harder, regulators may push for mandatory identity disclosure at the protocol level rather than relying on after-the-fact chain analysis. LINKS More from Geo: • Substack: https://geonicolaidis.substack.com • Website: https://geonicolaidis.com/ • LinkedIn: https://www.linkedin.com/in/geo-nicolaidis/ 🎙 Hosted by Geo Nicolaidis

    17 min
See All (13)

About

Bitcoin Field Notes is a research podcast for people who want Bitcoin analysis with receipts. Each episode unpacks one question — security budgets, fee markets, mining economics, privacy heuristics — using primary sources, traceable numbers, and falsifiable predictions. No price calls, no tribalism, no hype. Just the economics hiding under the protocol, explained clearly enough to argue with. If you've ever wondered what the data actually says — and where the consensus narrative breaks — start here. New episodes follow the Field Notes newsletter.

Information

  • Creator
    Geo Nicolaidis
  • Years Active
    2K
  • Episodes
    13
  • Rating
    Clean
  • Copyright
    © Geo Nicolaidis
  • Show Website
    Bitcoin Field Notes