ZachXBT’s Full Investigation: Axiom Employees Used Internal Privileges for Insider Trading
TechFlow Selected TechFlow Selected
ZachXBT’s Full Investigation: Axiom Employees Used Internal Privileges for Insider Trading
“The involved employee schemed to help accomplices quickly profit $200,000.”
Navigating Web3 tides with focused insightsAuthor: ZachXBT
Translated by TechFlow
TechFlow Intro: On-chain investigator ZachXBT has released a comprehensive investigative report accusing multiple employees of cryptocurrency exchange Axiom of abusing internal system privileges for over a year to access users’ private wallet information and conduct insider trading. The investigation was commissioned by a client and relies on evidence including recorded phone calls, internal screenshots, and on-chain fund flow diagrams. The implicated employees allegedly orchestrated schemes enabling their associates to profit rapidly—$200,000 in one instance. With over $390 million in revenue to date, Axiom’s case exposes critical gaps in internal permission controls at crypto platforms.
(I)
Meet @WheresBroox (Broox Bauer). He is one of several Axiom employees implicated in this investigation. Since early 2025, Broox allegedly exploited weak internal tool permission controls at @AxiomExchange to access sensitive user information and conduct insider trading by monitoring private wallet activity.
(II)
Axiom is a cryptocurrency exchange founded in 2024 by Mist and Cal. After graduating from Y Combinator’s Winter 2025 batch, it rapidly became one of the most profitable companies in the sector, with cumulative revenue exceeding $390 million to date.
I was commissioned by a client to investigate allegations of misconduct at Axiom following receipt of related reports.
(III)
Broox currently serves as a Senior Business Development employee at Axiom and is based in New York.
In a recorded conversation, Broox stated he could track any Axiom user using referral codes, wallet addresses, or UIDs—and claimed he could “find out everything about that person.”
He also described how he initially queried only 10–20 wallets, gradually increasing the number over time—“so it wouldn’t look too suspicious.”
In another segment of the same recording, Broox outlined rules for team members requesting queries from him and confirmed he would send them full wallet lists.
This complete audio recording originated from a private planning call among members of the group.
(IV)
In April 2025, Broox shared a screenshot from Axiom’s internal admin dashboard showing private wallet information belonging to trader “Jerry.”
In August 2025, Broox sent a second screenshot displaying registration details and associated wallets for trader “Monix.”
Also in August 2025, Broox discussed querying Axiom users who had traded the meme coin “AURA.”
(V)
The group maintained a Google Sheet aggregating wallet addresses of multiple KOL targets. All addresses were compiled by Broox using data extracted from Axiom’s internal backend.
Several KOLs named in or appearing in leaked screenshots have been contacted independently and have verified the accuracy of their wallet data.
(VI)
One targeted KOL is Marcell, a trader notorious for treating his X (formerly Twitter) and Telegram followers as “dump-and-dump” buyers.
He became a target because he routinely accumulates large positions in meme coins via private wallets before promoting them to his followers—a practice known as “pre-loading.”
Traders like Marcell represent ideal targets for such abuse: they rarely reuse addresses, and their private wallets are almost never publicly disclosed—making privileged internal information exceptionally valuable.
(VII)
Broox’s primary wallet was identified via direct private messages, and all directly associated addresses have been mapped.
FarpaWkzio7WQVpQeu2eURvNQZ3pCBZupJ95wUjoHcUN
Given the high volume of meme coin transactions across these associated addresses, identifying high-confidence insider trading cases solely from wallet data remains difficult—unless Axiom’s internal logs become available to cross-check trade timestamps.
Funds from associated addresses primarily flowed to the following centralized exchange deposit addresses:
9HtKkLzTVUGMS9BDMSXbVjooP1rVoeiFPj3tEtmj7Qn4
A8XSEaZXYo8eidAMivoAonf8skBeW1QkfprdBJm6eVz
HPr1MSrSB2i9r9Vcsj8Cmx2sUFGudpDum6kY9dp2ePCN
Afp4DargofX8K67BRUuhVuoBy1DJn9vTbH3ico9CaNs1
6rv1iSZ7YyR18R7EPvXwHdDkNp3qzrE9YPQtPnLVaYbv
(VIII)
Also present in the recorded conversations with Broox was his friend Gowno (Seb), a recently hired Axiom moderator.
In the first recording, Broox claimed Ryan (Ryucio)—another Axiom business development employee—had previously used the internal backend to query user information on behalf of others, and stated he helped his friend Mystery secure a moderator role at Axiom.
In the second recording, Broox discussed how Gowno’s responsibilities would expand over time—and indicated Gowno would eventually assist with wallet queries.
Ryan and Mystery did not appear in either recorded call.
(IX)
In the February 2026 recorded call, Broox detailed a plan to leverage his Axiom privileges to help Gowno generate $200,000 in rapid profits—an arrangement highly consistent with similar violations he engaged in since early 2025.
In private messages, he also shared screenshots of his exchange account balances, confirming the scheme was already generating real returns.
(X)
This investigation was commissioned by a client, and I conducted it independently to examine allegations of misconduct within Axiom. The findings above reflect the conclusions of that investigation.
Earlier today, I contacted the Axiom team for comment; their official statement is appended to the original post.
Regardless of whether Cal or Mist were aware, the company implemented virtually no monitoring mechanisms or access controls from the outset to prevent such abuses.
Employees were granted unusually broad data access—a simple-to-use internal dashboard allowed staff to view users’ full wallet lists (including timestamps), tracked wallets, transaction histories, wallet nicknames, and linked accounts. Such permissions are exceptionally rare for business development roles.
Given Broox’s New York residency, this case may present an opportunity for intervention by the U.S. Attorney’s Office for the Southern District of New York (SDNY), as it likely falls within its jurisdiction.
Whether or not criminal charges are ultimately filed, I urge Axiom’s co-founders to conduct further internal investigations into these abuses and consider pursuing legal action against the implicated employees.
---
⚠️ Editor’s Note: This article is a translation of a Twitter-based investigative report; images are screenshots of evidentiary material.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
深潮TechFlow
