How VMware Snapshots Work - It's Like It Never Happened!

very clear explanation

You're missing some crucial decision and I/O steps in there. You say, we're about to write to C5, and then it just writes to C5. First of all, these are blocks, not files, so you're skipping the whole step of determining what is being manipulated. To write one byte, you need to write the whole block. But what about the original C5? You didn't mention reading that at all! That is not how it works!
The full sequence is this: I am modifying C5 (which contains a file on the OS), so I read from the original VMDK, put it in memory, alter it, and then save to the child disk. The next time you want to read the file modified inside of C5, it needs to read from the child disk not the original. How does it decide to do that? Well, the child disk wasn't empty as you've implied. It contains one of two things: a pointer to an unmodified block on the original VMDK, if it was never altered, or it contains the modified block.

nice video there,
what would happen if i created a snapshot from original and that child got hacked ?
if i delete the child snapshot (the one hacked), what would happen to the original one? is it possible that my original would be now the one hacked?