Well, as it's known, every block has a hash pointer pointing to the hash of a previous block. Suppose we have block 1, block 2 and block 3. Block 3 has a hash pointer to the hash of the block 2, the block 2 has a hash pointer to the hash of the block 1. That means that in order to change any data in the block 1 or 2, it requires to change block 3. It seems very hard and the difficulty increases drastically with every new block added to the blockchain. But how hard is it to change just one last block while there is no hash pointer pointing to it? Suppose the block 3 has been mined mined just now and the block 4 hasn't been mined yet. Is there a chance to tamper with the block 3?
What you are describing sounds like an Alternative History Attack as described here:
https://en.bitcoin.it/wiki/Irreversible_TransactionsBasically, in your scenario, an adversary would need to have enough hashrate to outrun the rest of the network between block 3 and block 4. In other words, they have roughly 10 minutes to mine 3 valid blocks -- the block with the double-spend and 2 blocks on top. Once they own the longest chain, the rest of the network follows and "their" blockchain is the canonical one.
The chance of such an attack succeeding depends on the hashrate of a would-be adversary. If an adversary controls more than half the network, the chance of success is 100% -- the infamous 51% attack. However the chance for success diminishes pretty quickly the smaller a percentage of the network the would-be adversary controls.
You can calculate some scenarios here, if you like:
https://people.xiph.org/~greg/attack_success.htmlAn attempt to outrun the 3 confirmations of your scenario with eg. 30% of Bitcoin's hashrate, would succeed with 32.5% probability. With only 10% of the network you're already down at 1.3% success probability.
Keep in mind that these attacks are very costly, as every failed attempt results in forfeited block rewards and transaction fees for each block you tried to outrun.