BlockApex 
November 5, 2021 When cryptocurrency first emerged with the creation of Bitcoin in 2009, it was regarded as a highly innovative form of technology due to the unique values associated with it. Never before had there been a decentralized form of currency with the potential to wipe out intermediaries like banks entirely when processing transactions. Bitcoin offered its users a unique promise- the privilege of privacy and anonymity in a world heavily regulated by governments and federal agencies (the intentions of whom are still up for debate).
As time went on, various use cases for both blockchain technology and cryptocurrency in general emerged. Among these was the emergence of Tornado Cash, a popular privacy solution built on Ethereum. Working slightly differently from a standard coin mixer, Tornado Cash is used to achieve the same goal of hiding a transaction trace. In this way, a user can prevent someone else from piecing together clues from their transaction history in an attempt to uncover their identity. Although this service is highly beneficial to those who value their privacy, it can also be very useful for malicious actors wanting to cover their tracks after an exploit.
This dual nature brings forth layers of doubt surrounding the morality of Tornado Cash. Who benefits more from using Tornado Cash? The average man concerned about his privacy, or a criminal with millions of dollars worth of stolen funds? At the end of the day, can it be argued that Tornado Cash is doing more harm than good?
Before we discuss this, let us try to understand the technology used by the protocol in carrying out its service.
The blockchain is often regarded as being pseudonymous. Though the true names of users are technically hidden, it is also transparent. This can make it very easy for someone to track a certain user’s actions in an attempt to uncover their identity.
To combat this paradox of privacy and transparency, users can take the help of the Ethereum-based privacy solution Tornado Cash. Tornado Cash uses a type of zero-knowledge proof known as zk-SNARKs to achieve this.
Initially, a user is provided with a randomly generated key known as a note. The hash of this note is then supplied to the Tornado Cash smart contract along with the amount of Ether a user wishes to send. Now, imagine hundreds of users are doing the same thing, each person submitting the hash of their unique key along with a fixed amount of money. You can think of this as the smart contract containing a pool of a large sum along with many hashes of notes.
When a user decides to withdraw their amount, they can simply submit the hash they had initially shown to the Tornado Cash smart contract. The existence of this hash will prove that their money was deposited. Once the provided hash matches with that of a note present in the pool, money can be withdrawn to a recipient address.
The amount deposited and withdrawn is the same, but the ERC20 tokens that make up that value are different each time. In this way, the on-chain link between source and destination addresses is broken- meaning there is no way to link the withdrawal to the deposit.
Tornado Cash has been fully decentralized since May 2020, when the team behind the protocol ceded control over its multi-signature wallet in a trusted setup ceremony. Since then, the platform has become popular among hackers and criminals wanting to cash in their loot.
In recent times, it seems that almost every analysis report for a major or minor hack in the blockchain space has some mention of Tornado Cash. Big names like Liquid Global, Poly Network, and Kucoin have all faced exploits in the past, with losses equating to millions of dollars worth of funds. In each scenario, the attacker was seen utilizing the privacy solution Tornado Cash in an attempt to get away with their loot. In most cases, this is where the trail goes cold, preventing the attacker from being caught.
Money laundering using cryptocurrency is no longer a novel concept. According to a report published by blockchain analytics firm Ciphertrace, money lost from major crypto thefts, hacks, and frauds during the first four months of 2021 totaled close to $432 million in value. As exploits increase, so does the use of Tornado Cash. According to Dune Analytics, as of October 2021, Tornado Cash has processed over 88,000 deposits and nearly USD 4 billion.
A question that arises amidst its growing popularity is regarding who to consider as the true users of Tornado Cash. It can be argued that privacy is an important concept to any person operating in the blockchain space. The majority of people who consider themselves members of the blockchain community are believers in the values of anonymity and decentralization. In a world of regulations, a platform like Tornado Cash helps keep the common man assured that his activity isn't being tracked for someone else’s benefit.
However, we cannot refute the claim that Tornado Cash is often the first line of action in an attacker’s getaway scheme. This has become common to the point where users are concerned that using Tornado Cash for their personal use may tie them to criminal activity. While no one will be able to connect a user’s withdrawal to their deposit, it will be clear that the withdrawal came from Tornado Cash and hence create grounds for suspicion.
There is no concrete way to know whether Tornado Cash is doing more harm than good by offering its services to the public. The only method to achieve something like this would be to somehow document the deposits made by criminals and compare them to overall activity on the platform. A task like this would be not only tedious but also defeat the purpose of creating the privacy solution in the first place. At the end of the day, we cannot blame Tornado Cash for applying anonymity- one of the core principles of blockchain technology- in such a successful way. The real solution to this problem is to strengthen the security of our platforms, preventing criminal activity in the first place. Until then, Tornado Cash is an easy scapegoat.
https://zephyrnet.com/tornado-cash-review-bringing-privacy-to-ethereum/
Safemoon suffered an attack in which the SFM/BNB pool was drained, resulting in a loss of $8.9M worth of ‘locked LP’. The attack was carried out by exploiting a vulnerability in the new Safemoon contract that allowed anyone to burn SFM tokens from any address, thus inflating the price of SFM tokens in the pool.
BlockApex 
July 27, 2023 The AI and blockchain integration can help overcome some of the limitations of each technology and create a more secure, transparent, and efficient Web3 ecosystem. This article explores the differences between AI and blockchain, ways to integrate them, use cases, and challenges that need to be addressed.
BlockApex
July 11, 2023 BlockApex (Auditor) was contracted by PhoenixDAO (Client) for the purpose of conducting a Smart Contract Audit/Code Review. This document presents the findings of our analysis which took place on 28th October 2021.
BlockApex
December 14, 2021 Script TV is a decentralized video delivery network that furnishes an expansive range of blockchain-enabled solutions to the problems related to the traditional video-streaming sector.
BlockApex
August 12, 2023 The Deus DAO hack had significant financial consequences, with users collectively losing around $6.5 million across Arbitrum, BSC, and Ethereum chains. Furthermore, the hack caused the DEI stablecoin to depeg by more than 80%, destabilizing its value and potentially shaking investor confidence.
BlockApex
May 24, 2023 Jump Defi infrastructure built on NEAR Protocol, a reliable and scalable L1 solution. Jump Defi is a one-stop solution for all core Defi needs on NEAR. Jump ecosystem has a diverse range of revenue-generating products which makes it sustainable.
BlockApex
June 22, 2023 It is crucial to come up with innovative solutions against cyberattacks, especially when your workforce is remotely working. Since we know that remote work comes with a bunch of security risks, it is essential to cater to them.
BlockApex
February 15, 2022 BlockApex (Auditor) was contracted by LightLink (Client) for the purpose of conducting a Smart Contract Audit/ Code Review. This document presents the findings of our analysis, which started on 12th June ‘2023.
BlockApex
July 28, 2023 Jimbo's Protocol is a decentralized finance (DeFi) system built on the Arbitrum chain. The protocol uses a semi-stable floor price for its ERC-20 token, $JIMBO, backed by a treasury of Ether (ETH). However, despite its pioneering efforts to maintain on-chain liquidity and price floors, Jimbo's Protocol recently faced a Flash loan attack.
BlockApex
September 7, 2023 
