Author: Chloe, ChainCatcher
The event that has captured market attention and accumulated tens of millions of dollars in bets on Polymarket—“Which crypto company will ZachXBT expose for insider trading?”—has finally come to an end. On February 26, on-chain detective ZachXBT officially released his investigation report, directly implicating the DeFi trading platform Axiom Exchange.
The report alleges that a senior employee of the platform abused internal administrative privileges to illegally access users' private wallet data over an extended period and exploited this sensitive information for insider trading. This article will thoroughly analyze the evidence chain revealed by ZachXBT, exposing how "on-chain transparency" has been hijacked by "off-chain black-box management."

ZachXBT exposes insider trading scandal at Axiom Exchange
Axiom Exchange, co-founded by Mist and Cal, was accepted into the Y Combinator Winter Batch (W25) in early 2025 and has generated over $390 million in cumulative revenue within just one year. However, behind these impressive financial figures, a senior business development employee named Broox Bauer was turning Axiom’s backend tools into his personal playground.
According to ZachXBT’s investigation, Broox Bauer did not act alone—he established an organized “information monetization” pipeline centered on Axiom’s internal control dashboard, through which Broox could freely query any user’s private information using promo codes, wallet addresses, or UIDs. In recordings, Broox stated he could “find out anything about that person,” and his operations demonstrated strong anti-detection awareness:
Start by querying only 10 to 20 wallets to avoid triggering system anomaly alerts.
The targeted accounts are not randomly selected. For example, a KOL named Marcell, who has long purchased large amounts of meme coins using his personal wallet and is now promoting liquidity exits to his followers, has become a key focus of monitoring. The private wallets of such traders are rarely publicized and have low address reuse rates, making this information highly valuable for arbitrage.
Established organizational structures and rules, including having another Axiom employee, Ryan (Ryucio), assist in locating user information, hiring Gowno as a moderator, and consolidating these private wallets into a Google Sheet for tracking.

These violations persisted for over ten months (starting in April 2025), and the evidence chain includes screenshots from the backend management systems of victims such as "Jerry" and "Monix." These materials have raised questions: why did business development staff have cross-functional access permissions? The expected monitoring alerts and permission segregation clearly failed to function.
Axiom's official response still cannot conceal the underlying structural failures.
Following the release of the ZachXBT report, Axiom’s official response followed a standard PR crisis protocol: issuing a statement expressing “shock and disappointment,” revoking permissions, and launching an investigation. However, this still fails to conceal the underlying systemic failures—such incidents reveal a breakdown in platform access controls, not merely the actions of a single employee.

1. Missing audit logs
In traditional finance or established Web2 tech companies, any access to sensitive user data must be logged. If a business development employee can query hundreds of wallet addresses unrelated to their business, the system should trigger an alert immediately. Axiom’s ten-month oversight vacuum suggests that its internal systems may lack any anomaly detection mechanism at all, and it is questionable whether audit logs were even retained.
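The alerting the paragraph describes is straightforward to build once lookups are actually logged. The following is an added example, not code from the article or from Axiom's systems: it parses a constructed audit log of a back-office user-lookup tool and reports two kinds of anomaly, lookups outside an employee's role or assigned scope, and too many distinct wallets queried within a rolling window. The log line format, the employee names, the promo codes, the role table and the thresholds are all assumptions made for the example. The rolling window matters because a simple per-day threshold is exactly what querying "only 10 to 20 wallets" at a time is meant to stay under.

```python
"""Added example, not code from the article or from Axiom: a small anomaly
detector for the audit log of a back-office user-lookup tool.

Constructed assumptions: every lookup is appended as one log line
    <ISO timestamp> <employee> <role> <key_type> <key>
each BD employee has an assigned set of promo codes (their business scope),
and each role has the lookup key types it may use at all.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed policy: promo codes each BD employee legitimately manages ...
EMPLOYEE_SCOPE = {"bd_alice": {"ALICE10", "ALICE20"}, "bd_bob": {"BOB5"}}
# ... and the lookup key types each role may use (anything unlisted is denied).
ROLE_KEY_TYPES = {"bd": {"promo"}, "support": {"promo", "wallet", "uid"}}


def _constructed_lines(employee, role, start_day, per_day, days, key_type, prefix):
    """Generate constructed log lines: `per_day` lookups on each of `days` days."""
    lines = []
    for d in range(days):
        for i in range(per_day):
            ts = datetime(2025, 4, start_day + d, 9, 0) + timedelta(minutes=i)
            lines.append(f"{ts.isoformat()} {employee} {role} {key_type} {prefix}{d}_{i}")
    return lines


# Constructed audit log (three employees; all names and keys are made up).
AUDIT_LOG = "\n".join(
    ["2025-04-01T09:00:00 bd_alice bd promo ALICE10",
     "2025-04-02T09:00:00 bd_alice bd promo ALICE20"]
    # bd_bob: three wallet lookups, a key type his role may not use at all
    + _constructed_lines("bd_bob", "bd", 1, 3, 1, "wallet", "0xb0b")
    # support_carol: wallet lookups are within her role, but 4 per day for 4 days
    # is 16 distinct wallets, below a naive 10/day alert yet over a rolling limit
    + _constructed_lines("support_carol", "support", 1, 4, 4, "wallet", "0xca")
)


def parse_log(text):
    """Parse log text into a list of dict records (blank lines skipped)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, employee, role, key_type, key = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "employee": employee,
                        "role": role, "key_type": key_type, "key": key})
    return records


def find_anomalies(records, window=timedelta(days=7), max_distinct_wallets=15):
    """Return {employee: sorted findings}: role/scope violations plus
    too many distinct wallets inside any rolling window of `window` length."""
    findings = defaultdict(set)
    wallet_lookups = defaultdict(list)
    for r in records:
        if r["key_type"] not in ROLE_KEY_TYPES.get(r["role"], set()):
            findings[r["employee"]].add(
                f"key type {r['key_type']!r} not permitted for role {r['role']!r}")
        elif r["role"] == "bd" and r["key"] not in EMPLOYEE_SCOPE.get(r["employee"], set()):
            findings[r["employee"]].add(f"promo code {r['key']} outside assigned scope")
        if r["key_type"] == "wallet":
            wallet_lookups[r["employee"]].append((r["ts"], r["key"]))
    # Rolling-window distinct-wallet count: catches small batches spread over
    # several days that each stay under a per-day threshold.
    for employee, lookups in wallet_lookups.items():
        peak = max(len({w for t, w in lookups if ts - window <= t <= ts})
                   for ts, _ in lookups)
        if peak >= max_distinct_wallets:
            findings[employee].add(f"{peak} distinct wallets within {window.days} days")
    return {e: sorted(f) for e, f in findings.items()}


if __name__ == "__main__":
    for employee, issues in find_anomalies(parse_log(AUDIT_LOG)).items():
        print(employee, issues)
```

Run against the constructed log, bd_alice produces no findings, bd_bob is flagged for using a lookup key his role does not permit, and support_carol is flagged on volume even though every individual day looked unremarkable. In a real deployment the log would be written to an append-only store that the back-office application itself cannot modify, so the detector's input cannot be edited by the people it monitors.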
2. The extent of the impact is still unclear.
Axiom's statement did not mention the scale of affected users, raising deeper concerns: if Broox Bauer could access this information, what about other employees? The report identified moderator Gowno and another business development employee, Ryan, as accomplices in the misconduct, suggesting that such abuse of access may have been relatively easy. When an organization’s governance relies on “trust” rather than “systems,” the marginal cost of internal corruption is extremely low.
Are permissions meaningless? The data governance black hole in Web3 startups
Take a closer look at the core of this scandal. The backend data dimensions listed in ZachXBT’s report are alarming: a complete list of users’ wallets, wallets users are tracking, full transaction histories, user-defined wallet labels, and associated accounts—this list encompasses not just transaction data, but enough information to reconstruct a comprehensive picture of each user’s on-chain behavior.
In traditional financial institutions, access to such data is strictly governed by the "minimum necessary information" principle. No employee may access customer sensitive information unless there is a clear business necessity; all access activities must be logged in auditable records and periodically reviewed by the compliance department. The design logic behind this system is straightforward: it does not rely on employees' personal ethics, but rather reduces the potential for harm in advance through dual constraints of technology and policy.
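What the "minimum necessary" principle looks like when it is enforced by the system rather than by policy alone: the following is an added example, not Axiom's code and not from the article. It places a deny-by-default gate in front of a back-office user lookup, returns only the fields a role is allowed to see, requires a case tied to the user before wallet data can be read, and records every attempt, including denials, in an audit trail. The field names, roles, case identifiers and user records are constructed assumptions.

```python
"""Added example, not Axiom's code and not from the article: a deny-by-default
gate in front of a back-office "user lookup", so the minimum-necessary
principle is enforced by the system rather than by employee ethics.

Constructed assumptions: the user record's field names, the role table,
and that a case tied to that user (support ticket or compliance
investigation) is the only acceptable justification for reading wallet data.
"""

# Constructed user store with the data dimensions the report lists.
USERS = {
    "u1001": {"email": "user1001@example.invalid", "promo": "ALICE10",
              "wallets": ["0xaaa1", "0xaaa2"], "tracked_wallets": ["0xk011"],
              "labels": {"0xk011": "kol-1 main"}, "trades": ["buy 0xmeme1 1.0"]},
}

# Field-level allow lists per role; any field not listed is denied.
ROLE_FIELDS = {
    "bd": {"promo"},
    "support": {"email", "promo", "wallets"},
    "compliance": {"email", "promo", "wallets", "tracked_wallets", "labels", "trades"},
}
# Reading these needs a business justification even when the role allows them.
JUSTIFICATION_REQUIRED = {"wallets", "tracked_wallets", "labels", "trades"}
# Constructed: cases currently open on each user.
OPEN_CASES = {"u1001": {"CASE-42"}}

AUDIT = []  # append-only in a real system (e.g. a write-once log service)


class AccessDenied(Exception):
    pass


def lookup(employee, role, user_id, fields, case_id=None):
    """Return only the requested fields the role may see; log every attempt,
    including denials, so the audit trail shows who asked for what and why."""
    requested = set(fields)
    denied_fields = requested - ROLE_FIELDS.get(role, set())
    needs_case = requested & JUSTIFICATION_REQUIRED
    reason = None
    if denied_fields:
        reason = f"fields not permitted for role {role!r}: {sorted(denied_fields)}"
    elif needs_case and case_id not in OPEN_CASES.get(user_id, set()):
        reason = f"no open case on {user_id} justifies reading {sorted(needs_case)}"
    AUDIT.append({"employee": employee, "role": role, "user": user_id,
                  "fields": sorted(requested), "case": case_id,
                  "outcome": "denied" if reason else "granted", "reason": reason})
    if reason:
        raise AccessDenied(reason)
    record = USERS[user_id]
    return {f: record[f] for f in requested}   # never the whole record


def audit_outcomes(last=None):
    """Outcomes of the most recent `last` audit entries (all entries if None)."""
    entries = AUDIT if last is None else AUDIT[-last:]
    return [e["outcome"] for e in entries]


if __name__ == "__main__":
    print(lookup("bd_alice", "bd", "u1001", ["promo"]))
    try:
        lookup("bd_bob", "bd", "u1001", ["wallets"])
    except AccessDenied as e:
        print("denied:", e)
    print(lookup("support_carol", "support", "u1001", ["wallets"], case_id="CASE-42"))
    print(audit_outcomes())
```

The two decisions that matter are made before any data is read: a business development role simply has no path to wallet fields, and a support role that does has to name an open case on that user, which a periodic compliance review can then reconcile against the ticketing system. Denied attempts are logged with the same detail as granted ones, since a pattern of refusals is itself a signal worth reviewing.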
Axiom’s backend clearly falls short of this standard. More concerning is that such issues are not uncommon among Web3 startups. Rapidly scaling teams often prioritize engineering resources toward product iteration, relegating compliance and data governance infrastructure to a later stage—or even treating it as a “list the token first” concern. However, once a platform reaches the scale of Axiom, the sensitivity of data accessible through backend tools far exceeds that of early-stage operations, while protective mechanisms often remain at startup-level capabilities.
This case also reveals a peculiar paradox unique to Web3: on-chain transparency does not equate to off-chain transparency. Blockchain grants transactions “anonymous transparency”—everyone can see the flow of addresses, yet it remains difficult to discern the underlying entities. Yet the real risk occurs the moment users complete registration, link their wallets, and set annotations: they entrust the platform’s centralized database with the most critical mapping—that “this address belongs to me.”
From that point on, anonymity gradually becomes an illusion. Once this identity is linked to more information, tagged with additional labels, or even abused, the transparency on the chain no longer protects users—it becomes the most precise tool in the hands of perpetrators.
Decentralization at the protocol level is never equivalent to decentralization of the company.
The Axiom scandal reveals more than just individual misconduct by a few employees; it acts as a mirror, exposing a fundamental contradiction the entire Web3 industry has long avoided under the narrative of "decentralization": protocol-level decentralization never equates to operational decentralization at the company level.
When a platform’s core operations still rely on centralized backend systems, human customer service, and employee judgment, labels like “DeFi” or “Web3” are merely cosmetic front-end additions. Users trust the immutability of smart contracts, yet forget that the moment they enter personal information and link their wallet, they have handed their most critical data to a fully centralized organization.
Trust is never free; in places where institutions are not yet mature, the party with the most information asymmetry always bears the cost of trust.
