On-chain Investigator ZachXBT Confirms: Axiom Employees Exploited Internal Privileges for Insider Trading

Original Compilation: TechFlow

TechFlow Introduction: On-chain detective ZachXBT has released a full investigative report accusing multiple employees of the 暗号 trading platform Axiom of abusing internal system permissions for over a year to query users’ private wallet information and engage in insider trading. The investigation was commissioned by a client, with evidence including recorded calls, internal screenshots, and on-chain fund flow charts. The implicated employees allegedly planned to help accomplices quickly profit $200,000. Axiom has generated over $390 million in revenue to date. This case exposes significant vulnerabilities in internal permission controls at crypto platforms.

(I)

Meet @WheresBroox (Broox Bauer). He is one of several implicated employees at @Axiom交換, accused of exploiting the lack of permission controls in the company’s internal tools since early 2025 to query sensitive user information and conduct insider trading by tracking private wallet activity.

(II)

Axiom is a crypto trading platform founded by Mist and Cal in 2024. After incubation in the Y Combinator Winter 2025 batch, it quickly became one of the most profitable companies in the space, with cumulative revenue exceeding $390 million to date.

I was commissioned by a client to investigate allegations of misconduct at Axiom after receiving relevant tips.

(III)

Broox is currently a senior business development employee at Axiom, based in New York.

In a recorded segment, Broox stated he could track any Axiom user via referral codes, wallet addresses, or UIDs, claiming he could “find out everything about this person.”

He also described initially checking only 10 to 20 wallets, then gradually increasing over time—”so it doesn’t look as suspicious.”

In another segment from the same recording, Broox established rules for team members to request queries from him, saying he would send over the full wallet list.

This full recording comes from a private planning call among members of the group.

(IV)

In April 2025, Broox shared a screenshot from Axiom’s internal backend showing private wallet information for the trader “Jerry.”

In August 2025, Broox sent a second screenshot showing registration information and associated wallets for the trader “Monix.”

Also in August of the same year, Broox discussed querying Axiom users who had traded the meme coin “AURA.”

(V)

The group created a Google Sheets document compiling wallet addresses for multiple KOL targets. These addresses were compiled from data Broox obtained via Axiom’s internal backend.

Several KOLs named in the sheet or appearing in leaked screenshots have been contacted and independently confirmed the accuracy of the wallet data.

(VI)

One of the targeted KOLs is Marcell, a trader notorious for using his followers on X and Telegram as “exit liquidity.”

He became a target because of his habit of accumulating large amounts of tokens in a private wallet (i.e., “bundled accumulation”) before promoting the meme coin to his followers.

Traders like Marcell are ideal targets for this type of abuse—their address reuse rate is low, and their private wallets are almost never public, making privileged internal information extremely valuable.

(VII)

Through private messages, Broox’s main wallet was identified, and all directly associated addresses have been mapped.

FarpaWkzio7WQVpQeu2eURvNQZ3pCBZupJ95wUjoHcUN

Due to the associated addresses’ heavy involvement in meme coin trading, it’s difficult to pinpoint high-confidence insider trading cases based solely on wallet data—unless Axiom’s internal logs could be accessed to cross-reference the timing of trade orders.

Funds from the associated addresses primarily flowed to the following centralized exchange deposit addresses:

• 9HtKkLzTVUGMS9BDMSXbVjooP1rVoeiFPj3tEtmj7Qn4
• A8XSEaZXYo8eidAMivoAonf8skBeW1QkfprdBJm6eVz
• HPr1MSrSB2i9r9Vcsj8Cmx2sUFGudpDum6kY9dp2ePCN
• Afp4DargofX8K67BRUuhVuoBy1DJn9vTbH3ico9CaNs1
• 6rv1iSZ7YyR18R7EPvXwHdDkNp3qzrE9YPQtPnLVaYbv

(VIII)

Also on the call with Broox was his friend Gowno (Seb), a moderator who recently joined Axiom.

In the first recording, Broox claimed that Ryan (Ryucio)—another business development employee at Axiom—had used the internal backend to query user information for others and said he helped get his friend Mystery a job as a moderator at Axiom.

In the second recording, Broox discussed how Gowno’s responsibilities would expand over time and stated he could eventually assist with wallet queries.

Neither Ryan nor Mystery were present on this recorded call.

(IX)

In this recorded call from February 2026, Broox detailed a plan to use his permissions at Axiom to help Gowno quickly profit $200,000. This aligns closely with similar misconduct he has engaged in with others since early 2025.

In private chats, he also shared screenshots of his exchange account balances, indicating this scheme was already generating actual profits.

(X)

This investigation was commissioned by a client. As an independent investigator, I examined the alleged misconduct within Axiom, and the above constitutes the findings.

Earlier today, I contacted the Axiom team for comment; their official statement is attached to the original article.

Regardless of whether Cal or Mist were aware, the company had virtually no monitoring mechanisms or access controls in place from the outset to prevent such abuse of power.

The scope of data access granted to employees was quite broad—in an easily accessible backend system, employees could see users’ complete wallet lists (including date/time), wallets users were tracking, transaction history, wallet labels, and linked accounts. Such permissions are highly unusual for a business development role.

Given Broox is based in New York, I believe this case could be a good opportunity for the U.S. Attorney’s Office for the Southern District of New York (SDNY) to get involved, as it likely falls within their jurisdiction.

Regardless of whether criminal charges are ultimately filed, I hope the Axiom co-founders will conduct a further internal investigation into these abuses and consider legal action against the implicated employees.

Editor’s Note: This article is compiled from a tweet-based investigative report; images are screenshots of investigation evidence.

この記事はインターネットから得たものです。 On-chain Investigator ZachXBT Confirms: Axiom Employees Exploited Internal Privileges for Insider Trading

関連： x402 12月 トランザクション・データ分析：人々は実際に何を作っているのか？

オリジナル編集：TechFlow 2025年12月のすべてのx402トランザクションデータを分析した：6,300万件の支払い $750万USDC 1,100以上のプロジェクトが参加 これは、AIエージェントが大規模なサービスに対する支払いが可能であることを証明した最初の実例である。以下は我々の調査結果である http://blockrun.ai/state-x402-2025.pdf http://blockrun.ai/state-x402-2025-deck.pdf 簡単な歴史の振り返り：HTTP 402の “Payment Required ”ステータスコードは1997年に定義されたが、実際には使用されなかった。理由は簡単で、クレジットカードは$0.01の支払いを処理するのに$0.30、つまり3000%の手数料を請求するからだ。マイクロペイメントは最初から絶望的だった。ステーブルコインがすべてを変えるまでは。2025年12月のデータスナップショット：6,300万トランザクション $750万USDC流通 64,000のユニークな買い手 10,000のユニークな売り手 平均トランザクションサイズはわずか$0.12：一方、x402は100倍小さな決済を処理している。