A Merkle tree is a binary hash structure invented by cryptographer Ralph Merkle, first described in a 1979 patent filing on authentication trees for digital signatures. It is not unique to crypto: it is a general method for proving a piece of data belongs to a larger set without inspecting the entire set, a property that maps perfectly onto how blockchains verify transactions.
Building one starts at the leaves. Every transaction in a block is hashed individually, then pairs of hashes are combined and hashed again, layer by layer, until a single hash remains: the Merkle root. That root, not the full transaction list, is stored in the block header. Bitcoin uses double SHA-256 for this process, while Ethereum uses Keccak-256 and extends the concept into a modified Merkle Patricia trie, which commits to account balances and contract storage as well as transactions.
The main payoff is proof size. To show that one transaction belongs to a block, a node only needs the sibling hashes along the path to the root, a handful of values rather than the whole block. This is how Simplified Payment Verification (SPV) wallets and light clients confirm a payment without storing the full chain: they download block headers plus a short Merkle proof. Because altering a single transaction changes every hash above it, tampering is immediately detectable at the root, which is why Merkle trees still underpin rollup state commitments and cross-chain proof systems today.