
On February 26, on-chain investigator ZachXBT released an investigation report accusing multiple employees of the cryptocurrency trading platform Axiom of long-term exploitation of internal backend access vulnerabilities to conduct predatory trading. The investigation focuses on senior business development (BD) employee Broox Bauer at Axiom’s New York office, who assisted co-conspirators in illegally profiting $200,000 in a short period.
(Source: ZachXBT)
According to ZachXBT’s investigation, the root cause of this incident lies in Axiom’s internal backend (Dashboard) lacking effective access control mechanisms. This system not only displays lists of user wallet addresses, referral codes, and user IDs but also tracks addresses users are monitoring, complete transaction histories, and even includes custom nicknames set by users for specific wallets.
ZachXBT obtained recordings and chat screenshots showing Broox Bauer explicitly claiming in a recording that he can track any Axiom user and uncover their full background information. The following are the main steps revealed in the investigation:
Targeting Key Opinion Leaders (KOLs): Starting early 2025, Broox Bauer focused on influential traders on X and Telegram, especially targeting KOLs with “bundling” behaviors—meaning they pre-purchase large amounts of tokens through multiple private wallets before publicly promoting meme coins.
Matching Private Wallets: Using internal Axiom data comparison, they successfully identified private wallet addresses of these KOLs that had not been publicly disclosed, compiling them into a Google spreadsheet.
Joint Ambush with Co-conspirators: Gaining the trust of friend Gowno (Seb, recently hired as Axiom forum moderator) and another BD employee Ryan (Ryucio), they carried out precise follow trades and ambush transactions on tokens like $AURA and other meme coins.
Planning $200,000 in Illegal Profits: In a February 2026 call recording, Broox Bauer detailed how he helped Gowno achieve illegal profits of $200,000 in a short period.
Axiom responded swiftly after the report: “We are shocked and disappointed by team members abusing internal customer support tools to search user wallets. We have revoked access to these tools and will continue investigating and holding responsible those involved. This does not reflect our team’s stance; we remain committed to prioritizing our users.”
Notably, before ZachXBT’s official release of the report, odds on the decentralized prediction platform Polymarket experienced dramatic fluctuations. The initially favored suspects Meteora and Pump.fun quickly lost favor, with all betting funds shifting to Axiom, ultimately leading to an accurate prediction of the target, demonstrating the market’s highly responsive reaction to insider information.
Since Broox Bauer resides in New York, ZachXBT emphasized in the report that this case is highly likely to fall under U.S. federal prosecutors’ jurisdiction, potentially leading to criminal charges. This has sparked widespread discussion within the crypto community regarding platform employees’ data access behaviors.
Axiom was founded in 2024 by Henry Zhang (Mist) and Preston Ellis (Cal), both 22-year-old college graduates who rapidly grew the platform’s total revenue to over $390 million. ZachXBT concluded that whether or not the founders were directly aware, the company’s oversight of employee data access has become nearly completely ineffective, posing systemic risks to user asset privacy.
Q: What is ZachXBT’s investigation report based on as evidence?
A: According to the public report, the evidence includes recordings of calls, chat screenshots, and Google spreadsheets organized by Broox Bauer. These materials show that the involved parties were aware they were abusing internal systems to access user data and had specific plans for illegal profits. The investigation combines on-chain address analysis with off-chain communication records for dual verification.
Q: Why shouldn’t Axiom’s backend dashboard be accessible to business development personnel?
A: Business development (BD) staff typically focus on client relations and partnership development, and normally do not need access to sensitive data such as user wallet addresses, transaction histories, or tracked addresses. Such data access rights are usually limited to technical support, compliance, or security personnel. The incident exposed a lack of role-based access control based on the principle of least privilege.
Q: What impact does this incident have on the Solana ecosystem?
A: Axiom is a leading trading platform within the Solana ecosystem. This scandal damages the overall decentralization image of Solana and has sparked broad industry discussions on internal governance and compliance of on-chain platforms. Many industry insiders believe that transparency should not be limited to on-chain activities; internal compliance audits and data security frameworks are essential for maintaining long-term user trust.
Related Articles
Michael Saylor names Solana and Ethereum as distribution channels! Bitcoin digital credit framework revealed
Solana Payments launches real-time stablecoin settlement, with Visa and PayPal integrated
Solana introduces Solana Payments, providing a real-time payment simulator and developer documentation