On-chain Investigator ZachXBT Confirms: Axiom Employees Exploited Internal Privileges for Insider Trading

Original Compilation: TechFlow

TechFlow Introduction: On-chain detective ZachXBT has released a full investigative report accusing multiple employees of the crypto trading platform Axiom of abusing internal system permissions for over a year to query users’ private wallet information and engage in insider trading. The investigation was commissioned by a client, with evidence including recorded calls, internal screenshots, and on-chain fund flow charts. The implicated employees allegedly planned to help accomplices quickly profit $200,000. Axiom has generated over $390 million in revenue to date. This case exposes significant vulnerabilities in internal permission controls at crypto platforms.

(I)

Meet @WheresBroox (Broox Bauer). He is one of several implicated employees at @AxiomExchange, accused of exploiting the lack of permission controls in the company’s internal tools since early 2025 to query sensitive user information and conduct insider trading by tracking private wallet activity.

(II)

Axiom is a crypto trading platform founded by Mist and Cal in 2024. After incubation in the Y Combinator Winter 2025 batch, it quickly became one of the most profitable companies in the space, with cumulative revenue exceeding $390 million to date.

I was commissioned by a client to investigate allegations of misconduct at Axiom after receiving relevant tips.

(III)

Broox is currently a senior business development employee at Axiom, based in New York.

In a recorded segment, Broox stated he could track any Axiom user via referral codes, wallet addresses, or UIDs, claiming he could “find out everything about this person.”

He also described initially checking only 10 to 20 wallets, then gradually increasing over time—”so it doesn’t look as suspicious.”

In another segment from the same recording, Broox established rules for team members to request queries from him, saying he would send over the full wallet list.

This full recording comes from a private planning call among members of the group.

(IV)

In April 2025, Broox shared a screenshot from Axiom’s internal backend showing private wallet information for the trader “Jerry.”

In August 2025, Broox sent a second screenshot showing registration information and associated wallets for the trader “Monix.”

Also in August of the same year, Broox discussed querying Axiom users who had traded the meme coin “AURA.”

(V)

The group created a Google Sheets document compiling wallet addresses for multiple KOL targets. These addresses were compiled from data Broox obtained via Axiom’s internal backend.

Several KOLs named in the sheet or appearing in leaked screenshots have been contacted and independently confirmed the accuracy of the wallet data.

(VI)

One of the targeted KOLs is Marcell, a trader notorious for using his followers on X and Telegram as “exit liquidity.”

He became a target because of his habit of accumulating large amounts of tokens in a private wallet (i.e., “bundled accumulation”) before promoting the meme coin to his followers.

Traders like Marcell are ideal targets for this type of abuse—their address reuse rate is low, and their private wallets are almost never public, making privileged internal information extremely valuable.

(VII)

Through private messages, Broox’s main wallet was identified, and all directly associated addresses have been mapped.

FarpaWkzio7WQVpQeu2eURvNQZ3pCBZupJ95wUjoHcUN

Due to the associated addresses’ heavy involvement in meme coin trading, it’s difficult to pinpoint high-confidence insider trading cases based solely on wallet data—unless Axiom’s internal logs could be accessed to cross-reference the timing of trade orders.

Funds from the associated addresses primarily flowed to the following centralized exchange deposit addresses:

• 9HtKkLzTVUGMS9BDMSXbVjooP1rVoeiFPj3tEtmj7Qn4
• A8XSEaZXYo8eidAMivoAonf8skBeW1QkfprdBJm6eVz
• HPr1MSrSB2i9r9Vcsj8Cmx2sUFGudpDum6kY9dp2ePCN
• Afp4DargofX8K67BRUuhVuoBy1DJn9vTbH3ico9CaNs1
• 6rv1iSZ7YyR18R7EPvXwHdDkNp3qzrE9YPQtPnLVaYbv

(VIII)

Also on the call with Broox was his friend Gowno (Seb), a moderator who recently joined Axiom.

In the first recording, Broox claimed that Ryan (Ryucio)—another business development employee at Axiom—had used the internal backend to query user information for others and said he helped get his friend Mystery a job as a moderator at Axiom.

In the second recording, Broox discussed how Gowno’s responsibilities would expand over time and stated he could eventually assist with wallet queries.

Neither Ryan nor Mystery were present on this recorded call.

(IX)

In this recorded call from February 2026, Broox detailed a plan to use his permissions at Axiom to help Gowno quickly profit $200,000. This aligns closely with similar misconduct he has engaged in with others since early 2025.

In private chats, he also shared screenshots of his exchange account balances, indicating this scheme was already generating actual profits.

(X)

This investigation was commissioned by a client. As an independent investigator, I examined the alleged misconduct within Axiom, and the above constitutes the findings.

Earlier today, I contacted the Axiom team for comment; their official statement is attached to the original article.

Regardless of whether Cal or Mist were aware, the company had virtually no monitoring mechanisms or access controls in place from the outset to prevent such abuse of power.

The scope of data access granted to employees was quite broad—in an easily accessible backend system, employees could see users’ complete wallet lists (including date/time), wallets users were tracking, transaction history, wallet labels, and linked accounts. Such permissions are highly unusual for a business development role.

Given Broox is based in New York, I believe this case could be a good opportunity for the U.S. Attorney’s Office for the Southern District of New York (SDNY) to get involved, as it likely falls within their jurisdiction.

Regardless of whether criminal charges are ultimately filed, I hope the Axiom co-founders will conduct a further internal investigation into these abuses and consider legal action against the implicated employees.

Editor’s Note: This article is compiled from a tweet-based investigative report; images are screenshots of investigation evidence.

This article is sourced from the internet: On-chain Investigator ZachXBT Confirms: Axiom Employees Exploited Internal Privileges for Insider Trading

Related: x402 December Transaction Data Analysis: What Are People Actually Building?

Original Compilation: TechFlow We analyzed all x402 transaction data for December 2025: 63 million payments $7.5 million USDC Over 1,100 projects participating This is the first real-world case proving AI agents can pay for services at scale. Here are our findings http://blockrun.ai/state-x402-2025.pdf http://blockrun.ai/state-x402-2025-deck.pdf A Quick History Recap: The HTTP 402 “Payment Required” status code was defined in 1997 but was never actually used. The reason is simple: credit cards charge $0.30 to process a $0.01 payment, a fee of 3000%. Micropayments were doomed from the start. Until stablecoins changed everything. December 2025 Data Snapshot: 63 million transactions $7.5 million USDC in circulation 64,000 unique buyers 10,000 unique sellers Average transaction size just $0.12 For comparison: Visa’s minimum viable transaction is around $15, while x402 is processing payments 100x smaller and…