On-Chain Investigator ZachXBT released a major investigation today, accusing multiple employees of Solana-based trading platform Axiom of abusing internal tools to track users’ private wallets for insider trading. Recorded audio evidence shows involved staff explicitly describing how they “can find out any user’s information.” Axiom has responded, confirming the removal of tool access and stating they will pursue legal action.
(Background: On-Chain Detective ZachXBT: Wallets stolen via “social engineering attack” totaling $282 million in BTC and LTC)
(Additional context: Warning! ZachXBT: Hundreds of EVM wallets are being continuously stolen, attack methods unknown)
Table of Contents
Toggle
- The Dark Side of the $390 Million Empire
- Allegation 1: “I can find out any user’s information”
- Allegation 2: Insider Trading Group and Google Sheets
- Allegation 3: Not just individual misconduct, systemic vulnerabilities
- Axiom responds: “Surprised and disappointed”
Audio recording. A private group chat audio. A man named Broox Bauer explains to members of his “insider trading” group how he uses his backend permissions at Axiom to track every on-chain activity of any user.
This is not speculation. He states it himself.
On February 26, ZachXBT posted on social media, directly naming Axiom senior Business Development (BD) employee Broox Bauer (@WheresBroox), accusing him of systematically abusing internal tools since early 2025 to track user wallets for insider trading. This is not an isolated incident.
1/ Meet @WheresBroox (Broox Bauer), one of multiple @AxiomExchange employees allegedly abusing lack of access controls for internal tools to look up sensitive user details and insider trade by tracking private wallet activity since early 2025. pic.twitter.com/KwICQMJL1q
— ZachXBT (@zachxbt) February 26, 2026
The Dark Side of the $390 Million Empire
First, let’s get to know the defendant.
Axiom is one of the hottest trading platforms on Solana, founded in 2024, incubated by Y Combinator, integrating meme coin scanning, spot trading, perpetual contracts, and mining features. Within just four months of launch, platform revenue from fees exceeded $100 million; to date, total revenue has surpassed $390 million, capturing over 50% of the Solana trading bot market.
According to Blockworks, at its peak, Axiom’s weekly net profit reached $5 million, making it one of the fastest-growing startups in crypto.
But ZachXBT’s investigation reveals another side of this money-making machine: the platform stores sensitive user information—wallet lists, nicknames, linked accounts—in a simple backend system with almost no access controls. BD staff and customer support can freely access this data.
In other words, Axiom never implemented meaningful monitoring or permission controls from the start to prevent such abuse.
Allegation 1: “I can find out any user’s information”
In the recorded evidence released by ZachXBT, Broox Bauer describes his methods in his own words.
He states that with just a referral code, wallet address, or user ID, he can track any user’s complete activity history in Axiom’s backend, “can find out any information related to that user.”
He also describes a deliberately designed covert strategy: initially researching 10 to 20 wallets, then gradually increasing the number, “so it doesn’t look too suspicious.”
In another part of the same recording, Broox sets “basic rules” for querying for group members, then says he will send a complete wallet list.
This is not secondhand information from an anonymous tip. This is an active employee of Axiom, speaking in his own voice, describing how he exploits his position to steal user data.
Allegation 2: Insider Trading Group and Google Sheets
The source of the recording is even more shocking.
This full recording comes from a private group chat call, whose group name is literally “Insider Trading.” The members are actively discussing trading strategies, with Broox acting as an “information provider.”
The group created a Google Sheet summarizing target wallets of several KOLs (Key Opinion Leaders), with these addresses sourced directly from Broox’s access to Axiom’s internal backend.
Their profit method is classic: find a KOL who pre-buys with a small account before their signals go public, then front-run their trades, profit from the price movement when retail followers jump in.
In essence, this forms a complete insider trading supply chain: Axiom backend data → Broox extracts wallet lists → Google Sheet consolidates KOL targets → group members trade ahead → profit.
Allegation 3: Not just individual misconduct, systemic vulnerabilities
ZachXBT emphasizes that this is not just a “bad employee” issue.
He points out that Axiom’s backend system has fundamental design flaws: user wallet lists, nicknames, linked accounts are all stored in a simple management interface with no permission segmentation. Multiple employees, not just Broox, can easily access sensitive data.
This means: from inception, Axiom did not establish any effective internal monitoring mechanisms to prevent such abuse.
For a platform generating $390 million annually with hundreds of thousands of active users, this is not negligence—it’s a choice. A choice of speed and profit over user security.
- User sensitive data unsegmented, accessible by BD and support staff
- No operation logs or monitoring, employee queries leave no trace
- Multiple employees suspected of abuse, not an isolated case
- Access removed only after ZachXBT’s exposure
Axiom responds: “Surprised and disappointed”
In response to ZachXBT’s allegations, Axiom issued a brief statement:
“We are surprised and disappointed to learn that someone on our team abused internal customer support tools to query user wallets. We have removed access to these tools and will continue investigating and hold those responsible accountable. Such behavior does not represent our team. We are committed to putting users first. We will share updates on our Twitter.”
Notably, Axiom used the word “surprised.” But when a company stores all user sensitive data in an unprotected backend accessible to any authorized employee, the truly surprising thing should be that this wasn’t exposed earlier.
In the crypto industry, internal abuse for insider trading is not new. In 2022, Coinbase former product manager Ishan Wahi was prosecuted and sentenced for insider trading using exchange info. OpenSea former employee Nathaniel Chastain was also convicted of NFT insider trading in 2023.
Axiom’s case may not yet involve criminal charges, but the pattern is clear: internal personnel leverage asymmetric information to front-run retail traders.
This time, ZachXBT laid all the evidence bare—audio, screenshots, timeline—comprehensive and solid. It’s been a long time since such a thorough whistleblowing effort, like catching a smoking gun still warm.
And on Polymarket, some traders already sensed the news. Before ZachXBT’s official investigation release, a trader with the alias predictorxyz bet $65,800 on Axiom being exposed, ultimately earning about $411,000. This investigation itself became a market event. (Perhaps another insider trade?)
The issue isn’t just Broox Bauer.
The real question is: how many other Axioms are out there, treating user data as an employee buffet?
