On February 26, on-chain investigator ZachXBT released an investigation report accusing multiple employees of the cryptocurrency trading platform Axiom of long-term exploitation of internal backend access vulnerabilities to conduct predatory trading. The investigation focuses on senior business development (BD) employee Broox Bauer at Axiom’s New York office, who assisted co-conspirators in illegally profiting $200,000 in a short period.
Specific Methods of Insider Trading: Backend Dashboard Turned Hunting Tool
(Source: ZachXBT)
According to ZachXBT’s investigation, the root cause of this incident lies in Axiom’s internal backend (Dashboard) lacking effective access control mechanisms. This system not only displays lists of user wallet addresses, referral codes, and user IDs but also tracks addresses users are monitoring, complete transaction histories, and even includes custom nicknames set by users for specific wallets.
ZachXBT obtained recordings and chat screenshots showing Broox Bauer explicitly claiming in a recording that he can track any Axiom user and uncover their full background information. The following are the main steps revealed in the investigation:
Targeting Key Opinion Leaders (KOLs): Starting early 2025, Broox Bauer focused on influential traders on X and Telegram, especially targeting KOLs with “bundling” behaviors—meaning they pre-purchase large amounts of tokens through multiple private wallets before publicly promoting meme coins.
Matching Private Wallets: Using internal Axiom data comparison, they successfully identified private wallet addresses of these KOLs that had not been publicly disclosed, compiling them into a Google spreadsheet.
Joint Ambush with Co-conspirators: Gaining the trust of friend Gowno (Seb, recently hired as Axiom forum moderator) and another BD employee Ryan (Ryucio), they carried out precise follow trades and ambush transactions on tokens like $AURA and other meme coins.
Planning $200,000 in Illegal Profits: In a February 2026 call recording, Broox Bauer detailed how he helped Gowno achieve illegal profits of $200,000 in a short period.
Official Emergency Response, Polymarket’s Early Prediction, and Legal Risks
Axiom Official Statement
Axiom responded swiftly after the report: “We are shocked and disappointed by team members abusing internal customer support tools to search user wallets. We have revoked access to these tools and will continue investigating and holding responsible those involved. This does not reflect our team’s stance; we remain committed to prioritizing our users.”
Polymarket’s Accurate Prediction
Notably, before ZachXBT’s official release of the report, odds on the decentralized prediction platform Polymarket experienced dramatic fluctuations. The initially favored suspects Meteora and Pump.fun quickly lost favor, with all betting funds shifting to Axiom, ultimately leading to an accurate prediction of the target, demonstrating the market’s highly responsive reaction to insider information.
Potential Legal Consequences
Since Broox Bauer resides in New York, ZachXBT emphasized in the report that this case is highly likely to fall under U.S. federal prosecutors’ jurisdiction, potentially leading to criminal charges. This has sparked widespread discussion within the crypto community regarding platform employees’ data access behaviors.
Axiom was founded in 2024 by Henry Zhang (Mist) and Preston Ellis (Cal), both 22-year-old college graduates who rapidly grew the platform’s total revenue to over $390 million. ZachXBT concluded that whether or not the founders were directly aware, the company’s oversight of employee data access has become nearly completely ineffective, posing systemic risks to user asset privacy.
Frequently Asked Questions
Q: What is ZachXBT’s investigation report based on as evidence?
A: According to the public report, the evidence includes recordings of calls, chat screenshots, and Google spreadsheets organized by Broox Bauer. These materials show that the involved parties were aware they were abusing internal systems to access user data and had specific plans for illegal profits. The investigation combines on-chain address analysis with off-chain communication records for dual verification.
Q: Why shouldn’t Axiom’s backend dashboard be accessible to business development personnel?
A: Business development (BD) staff typically focus on client relations and partnership development, and normally do not need access to sensitive data such as user wallet addresses, transaction histories, or tracked addresses. Such data access rights are usually limited to technical support, compliance, or security personnel. The incident exposed a lack of role-based access control based on the principle of least privilege.
Q: What impact does this incident have on the Solana ecosystem?
A: Axiom is a leading trading platform within the Solana ecosystem. This scandal damages the overall decentralization image of Solana and has sparked broad industry discussions on internal governance and compliance of on-chain platforms. Many industry insiders believe that transparency should not be limited to on-chain activities; internal compliance audits and data security frameworks are essential for maintaining long-term user trust.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
