On Apr 17, 2023. The DeFiGeek Community fell victim to a security breach in which an attacker exploited a flash loan vulnerability, causing the loss of 10 ETH (valued at over $20,000) from their DeFiGeek Community Pool Dai (fDAI-102
BlockApex 
November 5, 2021 When cryptocurrency first emerged with the creation of Bitcoin in 2009, it was regarded as a highly innovative form of technology due to the unique values associated with it. Never before had there been a decentralized form of currency with the potential to wipe out intermediaries like banks entirely when processing transactions. Bitcoin offered its users a unique promise- the privilege of privacy and anonymity in a world heavily regulated by governments and federal agencies (the intentions of whom are still up for debate).
As time went on, various use cases for both blockchain technology and cryptocurrency in general emerged. Among these was the emergence of Tornado Cash, a popular privacy solution built on Ethereum. Working slightly differently from a standard coin mixer, Tornado Cash is used to achieve the same goal of hiding a transaction trace. In this way, a user can prevent someone else from piecing together clues from their transaction history in an attempt to uncover their identity. Although this service is highly beneficial to those who value their privacy, it can also be very useful for malicious actors wanting to cover their tracks after an exploit.
This dual nature brings forth layers of doubt surrounding the morality of Tornado Cash. Who benefits more from using Tornado Cash? The average man concerned about his privacy, or a criminal with millions of dollars worth of stolen funds? At the end of the day, can it be argued that Tornado Cash is doing more harm than good?
Before we discuss this, let us try to understand the technology used by the protocol in carrying out its service.
The blockchain is often regarded as being pseudonymous. Though the true names of users are technically hidden, it is also transparent. This can make it very easy for someone to track a certain user’s actions in an attempt to uncover their identity.
To combat this paradox of privacy and transparency, users can take the help of the Ethereum-based privacy solution Tornado Cash. Tornado Cash uses a type of zero-knowledge proof known as zk-SNARKs to achieve this.
Initially, a user is provided with a randomly generated key known as a note. The hash of this note is then supplied to the Tornado Cash smart contract along with the amount of Ether a user wishes to send. Now, imagine hundreds of users are doing the same thing, each person submitting the hash of their unique key along with a fixed amount of money. You can think of this as the smart contract containing a pool of a large sum along with many hashes of notes.
When a user decides to withdraw their amount, they can simply submit the hash they had initially shown to the Tornado Cash smart contract. The existence of this hash will prove that their money was deposited. Once the provided hash matches with that of a note present in the pool, money can be withdrawn to a recipient address.
The amount deposited and withdrawn is the same, but the ERC20 tokens that make up that value are different each time. In this way, the on-chain link between source and destination addresses is broken- meaning there is no way to link the withdrawal to the deposit.
Tornado Cash has been fully decentralized since May 2020, when the team behind the protocol ceded control over its multi-signature wallet in a trusted setup ceremony. Since then, the platform has become popular among hackers and criminals wanting to cash in their loot.
In recent times, it seems that almost every analysis report for a major or minor hack in the blockchain space has some mention of Tornado Cash. Big names like Liquid Global, Poly Network, and Kucoin have all faced exploits in the past, with losses equating to millions of dollars worth of funds. In each scenario, the attacker was seen utilizing the privacy solution Tornado Cash in an attempt to get away with their loot. In most cases, this is where the trail goes cold, preventing the attacker from being caught.
Money laundering using cryptocurrency is no longer a novel concept. According to a report published by blockchain analytics firm Ciphertrace, money lost from major crypto thefts, hacks, and frauds during the first four months of 2021 totaled close to $432 million in value. As exploits increase, so does the use of Tornado Cash. According to Dune Analytics, as of October 2021, Tornado Cash has processed over 88,000 deposits and nearly USD 4 billion.
A question that arises amidst its growing popularity is regarding who to consider as the true users of Tornado Cash. It can be argued that privacy is an important concept to any person operating in the blockchain space. The majority of people who consider themselves members of the blockchain community are believers in the values of anonymity and decentralization. In a world of regulations, a platform like Tornado Cash helps keep the common man assured that his activity isn't being tracked for someone else’s benefit.
However, we cannot refute the claim that Tornado Cash is often the first line of action in an attacker’s getaway scheme. This has become common to the point where users are concerned that using Tornado Cash for their personal use may tie them to criminal activity. While no one will be able to connect a user’s withdrawal to their deposit, it will be clear that the withdrawal came from Tornado Cash and hence create grounds for suspicion.
There is no concrete way to know whether Tornado Cash is doing more harm than good by offering its services to the public. The only method to achieve something like this would be to somehow document the deposits made by criminals and compare them to overall activity on the platform. A task like this would be not only tedious but also defeat the purpose of creating the privacy solution in the first place. At the end of the day, we cannot blame Tornado Cash for applying anonymity- one of the core principles of blockchain technology- in such a successful way. The real solution to this problem is to strengthen the security of our platforms, preventing criminal activity in the first place. Until then, Tornado Cash is an easy scapegoat.
https://zephyrnet.com/tornado-cash-review-bringing-privacy-to-ethereum/
On Apr 17, 2023. The DeFiGeek Community fell victim to a security breach in which an attacker exploited a flash loan vulnerability, causing the loss of 10 ETH (valued at over $20,000) from their DeFiGeek Community Pool Dai (fDAI-102
BlockApex 
May 31, 2023 BlockApex (Auditor) was contracted by LightLink (Client) for the purpose of conducting a Smart Contract Audit/ Code Review. This document presents the findings of our analysis, which started on 12th June ‘2023.
BlockApex
July 28, 2023 The unfavourable effect brought by MEVs continues to gain recognition globally, with many believing MEVs capable of providing serious risk to Ethereum’s future. Amidst this crisis, research organization Flashbots has emerged with a solution.
BlockApex
November 16, 2021 The BonqDAO security breach that occurred on February 2, 2023, had far-reaching consequences for the platform, its users, and the wider DeFi ecosystem. The attack exploited a vulnerability in the integration of the Tellor Oracle system, which BonqDAO relied on for obtaining token price information.
BlockApex
September 22, 2023 Borderless Money is a decentralized finance protocol redefining how Social Investments are made, using yield-generating strategies and contributing to social causes. An open, borderless digital society, with borderless money, where the goods, services, technology, information, opportunities, and capital can flow through the borders from one hand to many, fairly, transparently.
BlockApex
November 19, 2022 Play-to-earn or P2E for short, typically refers to a business model where players can earn real-world or in-game currency by playing games, completing tasks, and performing different activities. This in-game currency is usually the project’s native cryptocurrency and is used to reward users.
BlockApex
June 28, 2023 On Tuesday, 9th August, Curve Finance suffered from a DNS attack causing theft of a whooping $570,000+ USD.
BlockApex
August 25, 2022 BlockApex (Auditor) was contracted by ZeroLiquid (Client) to conduct a Smart Contract Audit/ Code Review. This document presents the findings of our analysis, which started on 11th July ‘2023.
BlockApex
August 15, 2023 BlockApex (Auditor) was contracted by Voirstudio (Client) for the purpose of conducting a Smart Contract Audit/Code Review of Unipilot Farming module. This document presents the findings of our analysis which took place on _9th November 2021___ .
BlockApex
February 9, 2022 
