ZachXBT reveals the Axiom insider scandal, how internal employees abuse their privileges?

Author: Chloe, ChainCatcher

The event that has attracted market attention in recent days, accumulating tens of millions of dollars in bets on Polymarket, "Which Crypto company will ZachXBT expose for insider trading?" has finally come to an end. On February 26, on-chain detective ZachXBT officially released an investigation report, pointing the finger directly at the DeFi trading platform Axiom Exchange.

The report accuses that a senior employee of the platform has allegedly abused internal management privileges, illegally accessing users' private wallet data for an extended period and turning this sensitive information into a tool for insider trading. This article will delve into the evidence chain revealed by ZachXBT, where "on-chain transparency" has been hijacked by "off-chain black box management."

ZachXBT Exposes Axiom Exchange Insider Trading Scandal

Axiom Exchange was co-founded by Mist and Cal, and was selected for Y Combinator Winter Batch (W25) in early 2025. This platform delivered an astonishing performance with cumulative revenue exceeding $390 million in just one year. However, behind the impressive financial data, a senior business development employee named Broox Bauer has been turning Axiom's backend tools into a personal hunting ground.

According to ZachXBT's investigation, Broox Bauer did not act alone; he established an organized "information monetization" process, with the core being Axiom's internal control dashboard. Broox could freely query any user's private information through promotional codes, wallet addresses, or UIDs. In a recording, Broox stated that he could "find out anything about that person," and his operations exhibited a strong awareness of counter-surveillance:

1. Initially querying only 10 to 20 wallets to avoid triggering system anomaly alerts.

2. The targets were not randomly selected. For example, a KOL named Marcell became a key tracking target due to his long-term purchases of meme coins with a private wallet while promoting liquidity exits to his fans. The private wallets of such traders are rarely public, and the low address reuse rate makes this information highly arbitrageable.

3. Establishing organization and rules, such as another Axiom employee Ryan (Ryucio) assisting in finding user information, hiring Gowno as a moderator, and compiling these private wallets into Google Sheets for tracking.

These violations continued for over ten months (starting in April 2025), with the evidence chain including backend management screenshots from victims "Jerry" and "Monix." This information also raises questions: why does a business development employee have cross-functional access? The expected monitoring alerts and access isolation clearly did not function.

Axiom's Official Response Fails to Conceal Structural Incompetence

After the release of ZachXBT's report, Axiom's official response followed a standard public relations crisis management approach: issuing a statement expressing "shock and disappointment," revoking access, and initiating an investigation. However, this still does not conceal the underlying structural incompetence; such incidents reveal the platform's failure in access control, rather than merely being the actions of a single employee.

1. Missing Audit Logs

In traditional finance or mature Web2 tech companies, any operation accessing sensitive user data must leave a log. If a business development employee can query hundreds of wallet addresses unrelated to their business, the system should trigger an alert immediately. Axiom's ten-month regulatory vacuum indicates that its internal system may not have an "anomaly detection mechanism," and even whether "operation records" are retained is questionable.

2. The Scope of Victims Remains Unclear

Axiom's statement did not mention the scale of affected users. This raises deeper concerns: if Broox Bauer could access this information, what about other employees? The report mentions moderator Gowno and another business development employee Ryan as accomplices, suggesting that such abuse of privileges may be relatively easy. When an organization's governance structure is based on "trust" rather than "institution," the marginal cost of internal corruption is extremely low.

Are Permissions Just a Facade? The Data Governance Black Hole of Web3 Startups

Further examining the core of this scandal. The dimensions of accessible data listed in ZachXBT's report are alarming: complete wallet lists of users, wallets being tracked by users, complete transaction histories, user-defined wallet note names, and associated accounts. This list encompasses not just transaction data but also reconstructs a complete picture of a user's on-chain behavior pattern.

In traditional financial institutions, access to such data is strictly constrained by the "minimum necessary information principle." Any employee without a clear business necessity is prohibited from accessing sensitive customer data; all access actions must leave an auditable operation log and be periodically reviewed by compliance departments. The design logic of this mechanism is simple: it does not rely on the personal moral standards of employees but instead reduces the damage space before problems occur through dual constraints of technology and systems.

Axiom's backend clearly did not meet this standard. More thought-provoking is that such issues are not isolated cases in Web3 startups. Rapidly expanding teams often concentrate engineering resources on product iteration, while compliance and data governance frameworks are postponed or even viewed as a "let's deal with it after listing" issue. However, once a platform reaches the scale of Axiom, the sensitivity of the data that backend tools can access far exceeds that of the early stages, while the construction of protective mechanisms often remains at the startup level.

This case also reveals the absurd paradox unique to Web3: on-chain transparency does not equate to off-chain transparency. Blockchain provides "anonymized transparency" for transactions; everyone can see the flow of addresses but cannot discern the entities behind them. However, the real risk occurs at the moment users complete registration, bind wallets, and set notes: they hand over the most critical correspondence of "this address's owner is me" to the platform's centralized database.

After this, anonymity gradually becomes an illusion. Once this layer of identity is associated with more information, tagged with more labels, or even abused, on-chain transparency no longer protects users but instead becomes the most precise tool in the hands of perpetrators.

Decentralization at the Protocol Level Does Not Equate to Company Decentralization

The Axiom scandal reveals not just the personal misconduct of a few employees. It serves as a mirror reflecting a significant contradiction that the entire Web3 industry has long avoided under the narrative of "decentralization": decentralization at the protocol level does not equate to decentralization at the operational level of the company.

When a platform's core business still relies on centralized backend systems, manual customer service, and employee judgment, the labels of "DeFi" or "Web3" become more like front-end decorations. Users trust the immutability of smart contracts but forget that at the moment they input personal information and bind wallets, they have handed over the most critical information to a completely centralized organization.

Trust has never been free; in places where systems are not yet mature, the party bearing the cost of trust is always the one with the most asymmetric information.